Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
UGcjMkPWwW.exe

Overview

General Information

Sample name:UGcjMkPWwW.exe
renamed because original name is a hash value
Original sample name:14988e9d35a0c92435297f7b2821dc60.exe
Analysis ID:1542681
MD5:14988e9d35a0c92435297f7b2821dc60
SHA1:8c00da2ab4cf6da0c179f283eac0053231859f8c
SHA256:677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671
Tags:32exetrojan
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • UGcjMkPWwW.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\UGcjMkPWwW.exe" MD5: 14988E9D35A0C92435297F7B2821DC60)
    • OpenWith.exe (PID: 7316 cmdline: "C:\Windows\system32\openwith.exe" MD5: 0ED31792A7FFF811883F80047CBCFC91)
      • OpenWith.exe (PID: 7404 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)
        • wmlaunch.exe (PID: 7720 cmdline: "C:\Program Files\Windows Media Player\wmlaunch.exe" MD5: 836F3636C231980EAD81C84BCA55D82B)
          • dllhost.exe (PID: 7760 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
UGcjMkPWwW.exeJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000001.00000003.1743648406.0000000000C40000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        00000000.00000000.1707524321.00000000003D1000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000001.00000003.1768649425.0000000004ECF000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 23 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.UGcjMkPWwW.exe.3d0000.0.unpackJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
                0.2.UGcjMkPWwW.exe.3d0000.0.unpackJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
                  1.3.OpenWith.exe.5180000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    0.3.UGcjMkPWwW.exe.3c00000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      1.3.OpenWith.exe.5180000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                        Click to see the 4 entries

                        Sigma Signatures

                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 193.149.185.109, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 7760, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49739

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-10-26T07:08:23.216587+020028548242Potentially Bad Traffic185.196.11.2379697192.168.2.449735TCP
                        2024-10-26T07:08:33.165194+020028548242Potentially Bad Traffic185.196.11.2379697192.168.2.449738TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-10-26T07:08:09.613244+020028548021Domain Observed Used for C2 Detected185.196.11.2379697192.168.2.449730TCP
                        2024-10-26T07:08:23.216587+020028548021Domain Observed Used for C2 Detected185.196.11.2379697192.168.2.449735TCP
                        2024-10-26T07:08:33.165194+020028548021Domain Observed Used for C2 Detected185.196.11.2379697192.168.2.449738TCP
                        2024-10-26T07:08:39.290556+020028548021Domain Observed Used for C2 Detected193.149.185.109443192.168.2.449739TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: UGcjMkPWwW.exeMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr"}
                        Multi AV Scanner detection for domain / URL
                        Source: https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1frVirustotal: Detection: 8%Perma Link
                        Multi AV Scanner detection for submitted file
                        Source: UGcjMkPWwW.exeReversingLabs: Detection: 65%
                        Source: UGcjMkPWwW.exeVirustotal: Detection: 82%Perma Link
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                        Machine Learning detection for sample
                        Source: UGcjMkPWwW.exeJoe Sandbox ML: detected
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401542258 CryptUnprotectData,2_3_00007DF401542258
                        Source: UGcjMkPWwW.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: unknownHTTPS traffic detected: 193.149.185.109:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: UGcjMkPWwW.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1742498648.0000000003C80000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742437180.0000000000550000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745057785.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745121603.0000000005080000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742866792.0000000003E20000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745436761.0000000005180000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb!8 source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1741895197.0000000003DF0000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1741747932.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744570517.0000000005150000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744423678.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1742108870.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742251026.0000000003DA0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744926026.0000000005100000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744787920.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1741895197.0000000003DF0000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1741747932.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744570517.0000000005150000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744423678.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1742108870.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742251026.0000000003DA0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744926026.0000000005100000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744787920.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831H source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmlaunch.exe, wmlaunch.exe, 00000006.00000003.2031195643.000001E4D5B30000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000006.00000003.2031233133.000001E4D5B60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742866792.0000000003E20000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745436761.0000000005180000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1742498648.0000000003C80000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742437180.0000000000550000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745057785.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745121603.0000000005080000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdbGCTL source: wmlaunch.exe, 00000006.00000003.2031195643.000001E4D5B30000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000006.00000003.2031233133.000001E4D5B60000.00000004.00000001.00020000.00000000.sdmp
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppDataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\DefaultJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStoreJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalizationJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\LocalJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\MicrosoftJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeCode function: 4x nop then dec esp2_3_00007DF40154E261
                        Source: C:\Windows\System32\OpenWith.exeCode function: 4x nop then dec esp2_2_00000251D3090511
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 4x nop then dec esp6_2_000001E4D5865641

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.196.11.237:9697 -> 192.168.2.4:49730
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.196.11.237:9697 -> 192.168.2.4:49738
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.196.11.237:9697 -> 192.168.2.4:49735
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.149.185.109:443 -> 192.168.2.4:49739
                        C2 URLs / IPs found in malware configuration
                        Source: Malware configuration extractorURLs: https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr
                        Source: global trafficTCP traffic: 192.168.2.4:49730 -> 185.196.11.237:9697
                        Source: Joe Sandbox ViewASN Name: SIMPLECARRIERCH SIMPLECARRIERCH
                        Source: Joe Sandbox ViewASN Name: DANISCODK DANISCODK
                        Source: Joe Sandbox ViewJA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.196.11.237:9697 -> 192.168.2.4:49735
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.196.11.237:9697 -> 192.168.2.4:49738
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.196.11.237
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401574520 WSARecv,2_3_00007DF401574520
                        Source: OpenWith.exe, OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066579486.00000251D50BB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116558649.00000251D5171000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2118106280.00000251D5363000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897761721.00000251D5158000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934539814.00000251D5172000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1939343716.00000251D5172000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897605961.00000251D5158000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1877587550.00000251D5158000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D5158000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116279598.00000251D535B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr
                        Source: OpenWith.exe, 00000001.00000002.1826825865.0000000000ABC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr(
                        Source: wmlaunch.exe, 00000006.00000002.2963426023.000001E4D5C77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1frV
                        Source: OpenWith.exe, 00000001.00000003.1826414618.000000000534A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1frkernelbasentdllkernel32GetProcessMitigationP
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: OpenWith.exe, 00000002.00000003.1907438108.00000251D568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com
                        Source: OpenWith.exe, 00000002.00000003.1907438108.00000251D568E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com
                        Source: OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2118049130.00000251D5189000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1908124915.00000251D5186000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058668514.00000251D5186000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1939089748.00000251D5186000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066984941.00000251D5189000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mic
                        Source: OpenWith.exe, 00000002.00000003.1907554669.00000251D50DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                        Source: OpenWith.exe, 00000002.00000003.1900403681.00000251D561B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                        Source: OpenWith.exe, 00000002.00000003.1907554669.00000251D50DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117778749.00000251D50BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                        Source: OpenWith.exe, 00000002.00000003.1900403681.00000251D561B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                        Source: OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                        Source: unknownHTTPS traffic detected: 193.149.185.109:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_1aaee10a-c
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_4915282c-b
                        Source: Yara matchFile source: 1.3.OpenWith.exe.5180000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.UGcjMkPWwW.exe.3c00000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.3.OpenWith.exe.5180000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.UGcjMkPWwW.exe.3e20000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.UGcjMkPWwW.exe.3c00000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.3.OpenWith.exe.4f60000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.UGcjMkPWwW.exe.3c00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000003.1745436761.0000000005180000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.1742866792.0000000003E20000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: UGcjMkPWwW.exe PID: 7256, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: OpenWith.exe PID: 7316, type: MEMORYSTR
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D31030C7 NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlFreeHeap,RtlFreeHeap,2_3_00000251D31030C7
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154C10C NtAcceptConnectPort,2_3_00007DF40154C10C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154D2F4 NtAcceptConnectPort,NtAcceptConnectPort,2_3_00007DF40154D2F4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154B498 NtAcceptConnectPort,calloc,DuplicateHandle,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,2_3_00007DF40154B498
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154C47C NtAcceptConnectPort,2_3_00007DF40154C47C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154D3C0 NtAcceptConnectPort,NtAcceptConnectPort,2_3_00007DF40154D3C0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154C70C NtAcceptConnectPort,2_3_00007DF40154C70C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154C7CC NtAcceptConnectPort,2_3_00007DF40154C7CC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154ACE8 NtAcceptConnectPort,2_3_00007DF40154ACE8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154BCC0 NtAcceptConnectPort,NtAcceptConnectPort,free,2_3_00007DF40154BCC0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154ACC8 NtAcceptConnectPort,2_3_00007DF40154ACC8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154AD14 NtAcceptConnectPort,2_3_00007DF40154AD14
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154AC0C NtAcceptConnectPort,2_3_00007DF40154AC0C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154AF60 NtAcceptConnectPort,2_3_00007DF40154AF60
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154AF40 NtAcceptConnectPort,2_3_00007DF40154AF40
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154ADD4 NtAcceptConnectPort,2_3_00007DF40154ADD4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154AE5C NtAcceptConnectPort,2_3_00007DF40154AE5C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154BE6C calloc,NtAcceptConnectPort,2_3_00007DF40154BE6C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_2_00000251D3091A90 NtAcceptConnectPort,NtAcceptConnectPort,2_2_00000251D3091A90
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_2_00000251D3090AC8 NtAcceptConnectPort,NtAcceptConnectPort,2_2_00000251D3090AC8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_2_00000251D30915AC NtAcceptConnectPort,2_2_00000251D30915AC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_2_00000251D3091CD0 NtAcceptConnectPort,CloseHandle,2_2_00000251D3091CD0
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_3_00007DF4E2E91958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,6_3_00007DF4E2E91958
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_3_00007DF4E2E91CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,6_3_00007DF4E2E91CE8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5872990 NtAcceptConnectPort,6_2_000001E4D5872990
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58729D4 NtAcceptConnectPort,6_2_000001E4D58729D4
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587252C NtAcceptConnectPort,6_2_000001E4D587252C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5872C64 NtAcceptConnectPort,6_2_000001E4D5872C64
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5872418 NtAcceptConnectPort,6_2_000001E4D5872418
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58728E8 NtAcceptConnectPort,6_2_000001E4D58728E8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587288C NtAcceptConnectPort,6_2_000001E4D587288C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58728B8 NtAcceptConnectPort,6_2_000001E4D58728B8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58727B8 NtAcceptConnectPort,6_2_000001E4D58727B8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E92704 NtQuerySystemInformation,malloc,NtQuerySystemInformation,6_2_00007DF4E2E92704
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E91A50 NtQueryInformationProcess,6_2_00007DF4E2E91A50
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E91A08 NtAllocateVirtualMemory,6_2_00007DF4E2E91A08
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E91B3C NtReadVirtualMemory,6_2_00007DF4E2E91B3C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E91ABC NtReadVirtualMemory,6_2_00007DF4E2E91ABC
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E91B7C NtReadVirtualMemory,6_2_00007DF4E2E91B7C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2E91D18 NtReadVirtualMemory,6_2_00007DF4E2E91D18
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A3385C NtQuerySystemInformation,7_2_000002D392A3385C
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00430BC10_2_00430BC1
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D3104A382_3_00000251D3104A38
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D3102C3C2_3_00000251D3102C3C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D31024F72_3_00000251D31024F7
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D3105E7C2_3_00000251D3105E7C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D310557C2_3_00000251D310557C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D31058FC2_3_00000251D31058FC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D3101BA62_3_00000251D3101BA6
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00000251D310279C2_3_00000251D310279C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40157B1042_3_00007DF40157B104
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015226342_3_00007DF401522634
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015920BC2_3_00007DF4015920BC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015EA1682_3_00007DF4015EA168
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40159CFB42_3_00007DF40159CFB4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40161BFCC2_3_00007DF40161BFCC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40160AF802_3_00007DF40160AF80
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015210582_3_00007DF401521058
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40156F02C2_3_00007DF40156F02C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4016172C82_3_00007DF4016172C8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40160B3182_3_00007DF40160B318
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015BE24C2_3_00007DF4015BE24C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40160A4A02_3_00007DF40160A4A0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4016084742_3_00007DF401608474
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015725242_3_00007DF401572524
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015FA3D42_3_00007DF4015FA3D4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40156F3B82_3_00007DF40156F3B8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40157A4302_3_00007DF40157A430
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015643F82_3_00007DF4015643F8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015893F42_3_00007DF4015893F4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015896E02_3_00007DF4015896E0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015775E42_3_00007DF4015775E4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015895D02_3_00007DF4015895D0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40157D5942_3_00007DF40157D594
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40152F6242_3_00007DF40152F624
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40160A8BC2_3_00007DF40160A8BC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40153F95C2_3_00007DF40153F95C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40154996C2_3_00007DF40154996C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40157B7B82_3_00007DF40157B7B8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401599AE02_3_00007DF401599AE0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40156FA942_3_00007DF40156FA94
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401579B702_3_00007DF401579B70
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401589B382_3_00007DF401589B38
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40153FB242_3_00007DF40153FB24
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40160FB042_3_00007DF40160FB04
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40161CB042_3_00007DF40161CB04
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40153D9F02_3_00007DF40153D9F0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4016069A82_3_00007DF4016069A8
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40157CA382_3_00007DF40157CA38
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015FEBE42_3_00007DF4015FEBE4
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015C6C602_3_00007DF4015C6C60
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40158DC542_3_00007DF40158DC54
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401525C242_3_00007DF401525C24
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401609F682_3_00007DF401609F68
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401559F4C2_3_00007DF401559F4C
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401550F042_3_00007DF401550F04
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40156FDE02_3_00007DF40156FDE0
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401616DAC2_3_00007DF401616DAC
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401603D842_3_00007DF401603D84
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401531E542_3_00007DF401531E54
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF40160AE002_3_00007DF40160AE00
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_2_00000251D3090C5C2_2_00000251D3090C5C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_3_00007DF4E2E922046_3_00007DF4E2E92204
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_3_00007DF4E2E9392C6_3_00007DF4E2E9392C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_3_00007DF4E2E94EFC6_3_00007DF4E2E94EFC
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D586C25C6_2_000001E4D586C25C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5872D246_2_000001E4D5872D24
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58626286_2_000001E4D5862628
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58A02706_2_000001E4D58A0270
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58772706_2_000001E4D5877270
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5875ADC6_2_000001E4D5875ADC
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5893A386_2_000001E4D5893A38
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58A3A4D6_2_000001E4D58A3A4D
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5894A506_2_000001E4D5894A50
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58801746_2_000001E4D5880174
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D589E9846_2_000001E4D589E984
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D589F1D06_2_000001E4D589F1D0
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587DCE46_2_000001E4D587DCE4
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D589ECE46_2_000001E4D589ECE4
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5886D186_2_000001E4D5886D18
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58904786_2_000001E4D5890478
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58614D06_2_000001E4D58614D0
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D589CC006_2_000001E4D589CC00
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58A64346_2_000001E4D58A6434
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587E3986_2_000001E4D587E398
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5876F246_2_000001E4D5876F24
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587C7506_2_000001E4D587C750
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58876846_2_000001E4D5887684
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5883EA46_2_000001E4D5883EA4
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587BEB86_2_000001E4D587BEB8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58886B46_2_000001E4D58886B4
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5895EC86_2_000001E4D5895EC8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5894DE86_2_000001E4D5894DE8
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587F6186_2_000001E4D587F618
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58A0D906_2_000001E4D58A0D90
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58955B06_2_000001E4D58955B0
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58995D46_2_000001E4D58995D4
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58959186_2_000001E4D5895918
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D589F9406_2_000001E4D589F940
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58A08746_2_000001E4D58A0874
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58870946_2_000001E4D5887094
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D58948D06_2_000001E4D58948D0
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D587D0106_2_000001E4D587D010
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D589A81C6_2_000001E4D589A81C
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D588D8546_2_000001E4D588D854
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D5893F706_2_000001E4D5893F70
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_00007DF4E2EA22CC6_2_00007DF4E2EA22CC
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A53B407_2_000002D392A53B40
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A52AA07_2_000002D392A52AA0
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A3BC687_2_000002D392A3BC68
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A3737C7_2_000002D392A3737C
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A453C87_2_000002D392A453C8
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A541447_2_000002D392A54144
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A532107_2_000002D392A53210
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A522547_2_000002D392A52254
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A499987_2_000002D392A49998
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A489807_2_000002D392A48980
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A4F76C7_2_000002D392A4F76C
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A48EB87_2_000002D392A48EB8
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A498187_2_000002D392A49818
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A4A8607_2_000002D392A4A860
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A427A47_2_000002D392A427A4
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A3BFE47_2_000002D392A3BFE4
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A4E51C7_2_000002D392A4E51C
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A49D307_2_000002D392A49D30
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A4A4F87_2_000002D392A4A4F8
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A5C5007_2_000002D392A5C500
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A38DF47_2_000002D392A38DF4
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A61E087_2_000002D392A61E08
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A3D6047_2_000002D392A3D604
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A4AE107_2_000002D392A4AE10
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A546607_2_000002D392A54660
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A5C6687_2_000002D392A5C668
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A3C5D47_2_000002D392A3C5D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A525B47_2_000002D392A525B4
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742498648.0000000003CD0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742866792.0000000004001000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742498648.0000000003C80000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742108870.0000000003D23000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000000.1707604650.000000000044B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename4 vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742437180.0000000000550000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1741895197.0000000003F76000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1741747932.0000000003D78000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742437180.00000000005E2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exe, 00000000.00000003.1742251026.0000000003ECD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exeBinary or memory string: OriginalFilename4 vs UGcjMkPWwW.exe
                        Source: UGcjMkPWwW.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: 2.3.OpenWith.exe.251d535d970.5.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: 2.3.OpenWith.exe.251d535d970.4.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: 2.2.OpenWith.exe.251d535d970.1.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/0@0/2
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401522634 CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread,2_3_00007DF401522634
                        Source: C:\Windows\SysWOW64\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}
                        Source: C:\Windows\SysWOW64\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: OpenWith.exe, 00000002.00000003.1899461790.00000251D5685000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899889802.00000251D561F000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899655925.00000251D5685000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: OpenWith.exe, 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1875112434.00000251D4B67000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1863278174.00000251D4B6D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2117217556.00007DF401622000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2116111905.00000251D51BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                        Source: UGcjMkPWwW.exeReversingLabs: Detection: 65%
                        Source: UGcjMkPWwW.exeVirustotal: Detection: 82%
                        Source: unknownProcess created: C:\Users\user\Desktop\UGcjMkPWwW.exe "C:\Users\user\Desktop\UGcjMkPWwW.exe"
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeProcess created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe"
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeProcess created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: netapi32.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: cscapi.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: mfplat.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: rtworkq.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\OutlookJump to behavior
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                        Source: UGcjMkPWwW.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: UGcjMkPWwW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1742498648.0000000003C80000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742437180.0000000000550000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745057785.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745121603.0000000005080000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742866792.0000000003E20000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745436761.0000000005180000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb!8 source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1741895197.0000000003DF0000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1741747932.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744570517.0000000005150000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744423678.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1742108870.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742251026.0000000003DA0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744926026.0000000005100000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744787920.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1741895197.0000000003DF0000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1741747932.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744570517.0000000005150000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744423678.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: UGcjMkPWwW.exe, 00000000.00000003.1742108870.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742251026.0000000003DA0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744926026.0000000005100000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1744787920.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831H source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmlaunch.exe, wmlaunch.exe, 00000006.00000003.2031195643.000001E4D5B30000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000006.00000003.2031233133.000001E4D5B60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742866792.0000000003E20000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745436761.0000000005180000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdbUGP source: UGcjMkPWwW.exe, 00000000.00000003.1742498648.0000000003C80000.00000004.00000001.00020000.00000000.sdmp, UGcjMkPWwW.exe, 00000000.00000003.1742437180.0000000000550000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745057785.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1745121603.0000000005080000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdbGCTL source: wmlaunch.exe, 00000006.00000003.2031195643.000001E4D5B30000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000006.00000003.2031233133.000001E4D5B60000.00000004.00000001.00020000.00000000.sdmp
                        Source: UGcjMkPWwW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                        Source: UGcjMkPWwW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                        Source: UGcjMkPWwW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                        Source: UGcjMkPWwW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                        Source: UGcjMkPWwW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                        Data Obfuscation

                        barindex
                        .NET source code contains potential unpacker
                        Source: 2.2.OpenWith.exe.251d535d970.1.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 2.2.OpenWith.exe.251d535d970.1.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 2.3.OpenWith.exe.251d5359d60.6.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 2.3.OpenWith.exe.251d5359d60.6.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 2.2.OpenWith.exe.251d5359d60.2.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 2.2.OpenWith.exe.251d5359d60.2.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 2.3.OpenWith.exe.251d535d970.4.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 2.3.OpenWith.exe.251d535d970.4.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 2.3.OpenWith.exe.251d535d970.5.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 2.3.OpenWith.exe.251d535d970.5.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: UGcjMkPWwW.exeStatic PE information: section name: .textbss
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00434C62 push es; retf 0_3_00434C91
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00435E69 push ebx; iretd 0_3_00435E6A
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00436A80 push edx; ret 0_3_00436A81
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00434C95 push es; retf 0_3_00434C91
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00432F50 push eax; retf 0_3_00432F51
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00434170 push ecx; iretd 0_3_0043417C
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00436777 push esi; ret 0_3_00436782
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00434130 pushad ; ret 0_3_00434138
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_004361E2 push eax; retf 0_3_004361F1
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_004347A2 push ebp; iretd 0_3_004347A3
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_003DC01A push ds; iretd 0_2_003DC036
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_004312F4 push ecx; ret 0_2_00431307
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_003D1436 push ds; retf 0_2_003D143B
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_003DE5F8 push ebx; ret 0_2_003DE5F9
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF3EE9 push ebx; iretd 1_3_00AF3EEA
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF2CE2 push es; retf 1_3_00AF2D11
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF2822 push ebp; iretd 1_3_00AF2823
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF4262 push eax; retf 1_3_00AF4271
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF21B0 pushad ; ret 1_3_00AF21B8
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF47F7 push esi; ret 1_3_00AF4802
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF21F0 push ecx; iretd 1_3_00AF21FC
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF0FD0 push eax; retf 1_3_00AF0FD1
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF4B00 push edx; ret 1_3_00AF4B01
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF2D15 push es; retf 1_3_00AF2D11
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A30D45 pushad ; retf 7_2_000002D392A30D47
                        Source: C:\Windows\System32\dllhost.exeCode function: 7_2_000002D392A304AE push es; ret 7_2_000002D392A304B6
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Switches to a custom stack to bypass stack traces
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\OpenWith.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\OpenWith.exeAPI/Special instruction interceptor: Address: 54FA83A
                        Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,7_2_000002D392A32AC4
                        Source: C:\Windows\SysWOW64\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF4015222DC GetSystemInfo,VirtualAlloc,2_3_00007DF4015222DC
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppDataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\DefaultJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStoreJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalizationJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\LocalJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\MicrosoftJump to behavior
                        Source: dllhost.exe, 00000007.00000002.2962467867.000002D392B7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6
                        Source: OpenWith.exe, 00000002.00000003.1898161553.00000251D5158000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink^4
                        Source: OpenWith.exe, 00000002.00000003.1898161553.00000251D5158000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
                        Source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                        Source: OpenWith.exe, 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: OpenWith.exe, 00000002.00000003.1879317732.00000251D5158000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMCIDevSymbol
                        Source: OpenWith.exe, 00000001.00000002.1826940251.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmp, wmlaunch.exe, 00000006.00000002.2963101699.000001E4D5A18000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000002.2962467867.000002D392B7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: OpenWith.exe, 00000002.00000003.1879317732.00000251D5158000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLink
                        Source: OpenWith.exe, 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW}
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00429AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00429AB4
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_3_00432277 mov eax, dword ptr fs:[00000030h]0_3_00432277
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00432277 mov eax, dword ptr fs:[00000030h]0_2_00432277
                        Source: C:\Windows\SysWOW64\OpenWith.exeCode function: 1_3_00AF0283 mov eax, dword ptr fs:[00000030h]1_3_00AF0283
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00424E5A GetProcessHeap,RtlAllocateHeap,GetModuleFileNameW,_wcsrchr,lstrlenW,GetProcessHeap,RtlFreeHeap,MulDiv,0_2_00424E5A
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00425A33 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00425A33
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00429AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00429AB4
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_004255A9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004255A9

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 2D392A30000 protect: page read and writeJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeMemory written: C:\Windows\System32\dllhost.exe base: 2D392A30000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0Jump to behavior
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeProcess created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00425845 cpuid 0_2_00425845
                        Source: C:\Windows\System32\OpenWith.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                        Source: C:\Windows\SysWOW64\OpenWith.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401541B18 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,2_3_00007DF401541B18
                        Source: C:\Users\user\Desktop\UGcjMkPWwW.exeCode function: 0_2_00425490 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00425490
                        Source: C:\Windows\SysWOW64\OpenWith.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: UGcjMkPWwW.exe, type: SAMPLE
                        Source: Yara matchFile source: 0.0.UGcjMkPWwW.exe.3d0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.UGcjMkPWwW.exe.3d0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000003.1743648406.0000000000C40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000000.1707524321.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000003.1768649425.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.1740844173.00000000003C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.1827092674.00000000046E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.1743471717.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Qtum-Electrum\config
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\ElectronCash\config
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\com.liberty.jaxx
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Exodus
                        Source: OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Binance
                        Source: OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
                        Source: OpenWith.exe, 00000002.00000002.2117470660.00000251D3118000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live&:6
                        Tries to harvest and steal Bitcoin Wallet information
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-QtJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\SecurityJump to behavior
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64fJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.defaultJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsingJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomedJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browserJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285fJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\TempJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnailsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98aJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-releaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entriesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeeaJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\mainJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                        Tries to steal Mail credentials (via file / registry access)
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\KATAXZVCPSJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\YPSIACHYXWJump to behavior
                        Source: Yara matchFile source: 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1903745557.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: OpenWith.exe PID: 7404, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: UGcjMkPWwW.exe, type: SAMPLE
                        Source: Yara matchFile source: 0.0.UGcjMkPWwW.exe.3d0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.UGcjMkPWwW.exe.3d0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000003.1743648406.0000000000C40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000000.1707524321.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000003.1768649425.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.1740844173.00000000003C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.1827092674.00000000046E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.1743471717.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401574088 socket,bind,2_3_00007DF401574088
                        Source: C:\Windows\System32\OpenWith.exeCode function: 2_3_00007DF401541B18 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,2_3_00007DF401541B18
                        Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 6_2_000001E4D586CDF4 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,6_2_000001E4D586CDF4

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                        Windows Management Instrumentation                        		1
                        DLL Side-Loading                        		212
                        Process Injection                        		1
                        Virtualization/Sandbox Evasion                        		1
                        OS Credential Dumping                        		1
                        System Time Discovery                        		Remote Services1
                        Email Collection                        		22
                        Encrypted Channel                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                        DLL Side-Loading                        		212
                        Process Injection                        		21
                        Input Capture                        		131
                        Security Software Discovery                        		Remote Desktop Protocol21
                        Input Capture                        		1
                        Non-Standard Port                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
                        Obfuscated Files or Information                        		1
                        Credentials in Registry                        		1
                        Virtualization/Sandbox Evasion                        		SMB/Windows Admin Shares1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                        Software Packing                        		NTDS2
                        Process Discovery                        		Distributed Component Object Model21
                        Data from Local System                        		11
                        Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        DLL Side-Loading                        		LSA Secrets1
                        System Network Configuration Discovery                        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials11
                        File and Directory Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync136
                        System Information Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        UGcjMkPWwW.exe66%ReversingLabsWin32.Spyware.Rhadamanthys
                        UGcjMkPWwW.exe82%VirustotalBrowse
                        UGcjMkPWwW.exe100%Joe Sandbox ML

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                        https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                        https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install0%URL Reputationsafe
                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples0%URL Reputationsafe
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
                        https://www.ecosia.org/newtab/0%URL Reputationsafe
                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                        https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                        https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr8%VirustotalBrowse

                        Domains and IPs

                        Contacted Domains

                        No contacted domains info

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1frtrueunknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1frVwmlaunch.exe, 00000006.00000002.2963426023.000001E4D5C77000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://ac.ecosia.org/autocomplete?q=OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://duckduckgo.com/chrome_newtabOpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://discord.comOpenWith.exe, 00000002.00000003.1907438108.00000251D568E000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://duckduckgo.com/ac/?q=OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoOpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallOpenWith.exe, 00000002.00000003.1900403681.00000251D561B000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchOpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://discordapp.comOpenWith.exe, 00000002.00000003.1907438108.00000251D568E000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1frkernelbasentdllkernel32GetProcessMitigationPOpenWith.exe, 00000001.00000003.1826414618.000000000534A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016OpenWith.exe, 00000002.00000003.1907554669.00000251D50DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesOpenWith.exe, 00000002.00000003.1900403681.00000251D561B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17OpenWith.exe, 00000002.00000003.1907554669.00000251D50DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117778749.00000251D50BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://support.micOpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2118049130.00000251D5189000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1908124915.00000251D5186000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058668514.00000251D5186000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1939089748.00000251D5186000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066984941.00000251D5189000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://www.ecosia.org/newtab/OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=OpenWith.exe, 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1938316310.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899522861.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899717451.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2117938689.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1933970869.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2058362092.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898982100.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898402687.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1934822201.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2066321617.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1927967536.00000251D50FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr(OpenWith.exe, 00000001.00000002.1826825865.0000000000ABC000.00000004.00000010.00020000.00000000.sdmpfalse
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      185.196.11.237
                                      		unknownSwitzerland
                                      		42624SIMPLECARRIERCHtrue
                                      193.149.185.109
                                      		unknownDenmark
                                      		15411DANISCODKtrue

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1542681
                                      Start date and time:2024-10-26 07:07:06 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 8m 0s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:10
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:UGcjMkPWwW.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:14988e9d35a0c92435297f7b2821dc60.exe
                                      Detection:MAL
                                      Classification:mal100.troj.spyw.evad.winEXE@9/0@0/2
                                      EGA Information:
                                      • Successful, ratio: 80%
                                      HCA Information:
                                      • Successful, ratio: 60%
                                      • Number of executed functions: 156
                                      • Number of non-executed functions: 24
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target OpenWith.exe, PID 7316 because there are no executed function
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtOpenFile calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      01:08:35API Interceptor1x Sleep call for process: wmlaunch.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      185.196.11.2371tstvk3Sls.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        updater.exeGet hashmaliciousRHADAMANTHYSBrowse

                                          Domains

                                          No context

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          DANISCODKyCvCChfuhl.exeGet hashmaliciousXenoRATBrowse
                                          • 193.149.187.135
                                          0LpFv1haTA.exeGet hashmaliciousWhiteSnake Stealer, XenoRATBrowse
                                          • 193.149.187.135
                                          175e4400e2e99b0d0ac35bd3fe68519fa91f9ae5cc7a7.exeGet hashmaliciousQuasarBrowse
                                          • 193.149.187.135
                                          file.exeGet hashmaliciousQuasar, WhiteSnake StealerBrowse
                                          • 193.149.187.135
                                          Bonifico 2692024pdf.exeGet hashmaliciousFormBookBrowse
                                          • 195.85.59.61
                                          _eagjyz.jsGet hashmaliciousUnknownBrowse
                                          • 193.149.129.167
                                          _gfsffp.jsGet hashmaliciousUnknownBrowse
                                          • 193.149.129.167
                                          _rnnsnn.jsGet hashmaliciousUnknownBrowse
                                          • 193.149.129.167
                                          _eagjyz.jsGet hashmaliciousUnknownBrowse
                                          • 193.149.129.167
                                          _gfsffp.jsGet hashmaliciousUnknownBrowse
                                          • 193.149.129.167
                                          SIMPLECARRIERCHx86_64.bin.elfGet hashmaliciousUnknownBrowse
                                          • 185.196.10.215
                                          fEv4R2ahiLCQa5O.exeGet hashmaliciousAgentTeslaBrowse
                                          • 185.196.9.150
                                          PW68YarHboeikgM.exeGet hashmaliciousAgentTeslaBrowse
                                          • 185.196.9.150
                                          IND24072113.xlsxGet hashmaliciousUnknownBrowse
                                          • 185.196.10.234
                                          SecuriteInfo.com.Win32.MalwareX-gen.30759.2179.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                          • 185.196.9.150
                                          request-BPp -RFQ 0975432.exeGet hashmaliciousPureLog StealerBrowse
                                          • 185.196.10.234
                                          IND24072113_1.xlsxGet hashmaliciousUnknownBrowse
                                          • 185.196.10.234
                                          RepozetorySetup.exeGet hashmaliciousRedLineBrowse
                                          • 185.196.9.26
                                          NOXGUARD AUS 40 UREA__912001_NOR_EN - MSDS.exeGet hashmaliciousUnknownBrowse
                                          • 185.196.10.234
                                          tsle.exeGet hashmaliciousRedLineBrowse
                                          • 185.196.9.26

                                          JA3 Fingerprints

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          caec7ddf6889590d999d7ca1b76373b6XAhzDHAVZ2.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          TctqdRX5Wq.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          g753nr4GI9.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          msvcp110.dllGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          qsKo.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          DCF368HPtv.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          ji2OQQH0ei.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          zaD1vaze6V.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          1kfRGncRyD.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109
                                          5qckfVuvzX.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 193.149.185.109

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          No created / dropped files found

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):5.554199652866149
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:UGcjMkPWwW.exe
                                          File size:433'152 bytes
                                          MD5:14988e9d35a0c92435297f7b2821dc60
                                          SHA1:8c00da2ab4cf6da0c179f283eac0053231859f8c
                                          SHA256:677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671
                                          SHA512:808401d94154a10a5e531b51af6f0a4876b9bbc0c288c33eb964101b30780766a4d7539cb146285d0bceddca4fbc77e072aab91224ab66c29c3feb04a13c2221
                                          SSDEEP:6144:YAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSt3ChNeK06iiRzmi0F9:YWBqf/qq3R5W8ZB4zmRzbagsViRUF9
                                          TLSH:5194F14CB5D2C175E9724A32C85496F05E3DBD50CB179EE773A43E293A302E05E32A7A
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......UP.|.1@/.1@/.1@/ZIC..1@/ZIE..1@/ZID..1@/.NE.71@/.ND..1@/.NC..1@/ZIA..1@/.1A/v1@/+.D..1@/.1@/.1@/+../.1@/+.B..1@/Rich.1@/.......

                                          File Icon

                                          Icon Hash:100109193979390f

                                          Static PE Info

                                          General

                                          Entrypoint:0x455235
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x645F7B5F [Sat May 13 11:58:23 2023 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:6
                                          OS Version Minor:0
                                          File Version Major:6
                                          File Version Minor:0
                                          Subsystem Version Major:6
                                          Subsystem Version Minor:0
                                          Import Hash:1cda62d85d4d631949032bd51ab17a29

                                          Entrypoint Preview

                                          Instruction
                                          call 00007F3B10F3B988h
                                          jmp 00007F3B10F3B55Fh
                                          push ebp
                                          mov ebp, esp
                                          mov eax, dword ptr [ebp+08h]
                                          push esi
                                          mov ecx, dword ptr [eax+3Ch]
                                          add ecx, eax
                                          movzx eax, word ptr [ecx+14h]
                                          lea edx, dword ptr [ecx+18h]
                                          add edx, eax
                                          movzx eax, word ptr [ecx+06h]
                                          imul esi, eax, 28h
                                          add esi, edx
                                          cmp edx, esi
                                          je 00007F3B10F3B6FBh
                                          mov ecx, dword ptr [ebp+0Ch]
                                          cmp ecx, dword ptr [edx+0Ch]
                                          jc 00007F3B10F3B6ECh
                                          mov eax, dword ptr [edx+08h]
                                          add eax, dword ptr [edx+0Ch]
                                          cmp ecx, eax
                                          jc 00007F3B10F3B6EEh
                                          add edx, 28h
                                          cmp edx, esi
                                          jne 00007F3B10F3B6CCh
                                          xor eax, eax
                                          pop esi
                                          pop ebp
                                          ret
                                          mov eax, edx
                                          jmp 00007F3B10F3B6DBh
                                          push esi
                                          call 00007F3B10F3BE75h
                                          test eax, eax
                                          je 00007F3B10F3B702h
                                          mov eax, dword ptr fs:[00000018h]
                                          mov esi, 004798E4h
                                          mov edx, dword ptr [eax+04h]
                                          jmp 00007F3B10F3B6E6h
                                          cmp edx, eax
                                          je 00007F3B10F3B6F2h
                                          xor eax, eax
                                          mov ecx, edx
                                          lock cmpxchg dword ptr [esi], ecx
                                          test eax, eax
                                          jne 00007F3B10F3B6D2h
                                          xor al, al
                                          pop esi
                                          ret
                                          mov al, 01h
                                          pop esi
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          cmp dword ptr [ebp+08h], 00000000h
                                          jne 00007F3B10F3B6E9h
                                          mov byte ptr [004798E8h], 00000001h
                                          call 00007F3B10F3BC60h
                                          call 00007F3B10F3C944h
                                          test al, al
                                          jne 00007F3B10F3B6E6h
                                          xor al, al
                                          pop ebp
                                          ret
                                          call 00007F3B10F3F453h
                                          test al, al
                                          jne 00007F3B10F3B6ECh
                                          push 00000000h
                                          call 00007F3B10F3C94Bh
                                          pop ecx
                                          jmp 00007F3B10F3B6CBh
                                          mov al, 01h
                                          pop ebp
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          cmp byte ptr [004798E9h], 00000000h
                                          je 00007F3B10F3B6E6h
                                          mov al, 01h

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x7794c0x50.rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x7b0000x1498.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x7d0000xf40.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x76e400x1c.rdata
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x76d800x40.rdata
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x720000x164.rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x10000x605330x606008c71992a565121f35b5f27a39b6d6624False0.6513709873540856data5.481481565943248IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .textbss0x620000x100000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rdata0x720000x611e0x6200a34d227343b26b448c2fbf0c5a1bcb3eFalse0.4164540816326531data4.833087325483854IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data0x790000x13200xa0062f04be8889719ef402cb8fde140eaa0False0.1546875DOS executable (block device driver \277DN)2.040813955897899IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rsrc0x7b0000x14980x1600f89593d6580680aa51828d8936d570bdFalse0.2762784090909091data3.8859060526590135IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0x7d0000xf400x1000aee597d25215ac27829b6f1ddaaf38bdFalse0.755615234375data6.454880869273466IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          RT_ICON0x7b0f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/mEnglishUnited States0.2619606003752345
                                          RT_GROUP_ICON0x7c1980x14dataEnglishUnited States1.1
                                          RT_VERSION0x7c1b00x2e4dataEnglishUnited States0.4554054054054054

                                          Imports

                                          DLLImport
                                          KERNEL32.dllCloseHandle, HeapCreate, HeapDestroy, HeapAlloc, HeapFree, GetProcessHeap, WaitForSingleObject, CreateEventA, GetModuleFileNameW, GetModuleHandleA, MulDiv, lstrlenW, WriteConsoleW, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapReAlloc, HeapSize, LCMapStringW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, DecodePointer
                                          USER32.dllLoadImageA, GetIconInfo, DialogBoxParamA, EndDialog, SendMessageW, InflateRect, SetForegroundWindow, OffsetRect, GetWindowLongA, SendDlgItemMessageA, GetDlgItem, SetWindowPos, UnionRect
                                          ole32.dllCoInitializeEx, CoTaskMemFree

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          EnglishUnited States

                                          Network Behavior

                                          Suricata IDS Alerts

                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                          2024-10-26T07:08:09.613244+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1185.196.11.2379697192.168.2.449730TCP
                                          2024-10-26T07:08:23.216587+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1185.196.11.2379697192.168.2.449735TCP
                                          2024-10-26T07:08:23.216587+02002854824ETPRO JA3 HASH Suspected Malware Related Response2185.196.11.2379697192.168.2.449735TCP
                                          2024-10-26T07:08:33.165194+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1185.196.11.2379697192.168.2.449738TCP
                                          2024-10-26T07:08:33.165194+02002854824ETPRO JA3 HASH Suspected Malware Related Response2185.196.11.2379697192.168.2.449738TCP
                                          2024-10-26T07:08:39.290556+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1193.149.185.109443192.168.2.449739TCP

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Oct 26, 2024 07:08:08.511765957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:08.517318964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:08.517416954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:08.517515898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:08.523080111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:09.604239941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:09.607893944 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:09.613244057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:09.929090977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:09.976670980 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:09.982212067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318396091 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318413973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318419933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318645000 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.318661928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318672895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318684101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.318705082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.318736076 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.319392920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.319402933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.319412947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.319423914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.319580078 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.319911957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.319924116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.319972038 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.327382088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.327460051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.327670097 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.485940933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.486222982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.486238956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.486294031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.486432076 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.486479998 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.491539001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.491554022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.491595984 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.491822004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.491837978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.491885900 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.496793032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.496810913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.496850967 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.497065067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.497082949 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.497128963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.502142906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502160072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502171993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502187014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502226114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.502226114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.502377033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502393961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502407074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.502448082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.507416010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.507432938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.507466078 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.507630110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.507646084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.507675886 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.515285969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.515511036 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.515547991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.515562057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.515607119 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.524128914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.524241924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.524421930 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.630918980 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.631022930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.631040096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.631072044 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.631328106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.631371975 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.631597042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.631613016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.631644011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.632024050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.632272959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.632287979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.632308960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.632730007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.632745028 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.632774115 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.633222103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.633235931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.633250952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.633265972 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.633290052 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.633922100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.634049892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.634100914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.634373903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.634387970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.634402990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.634426117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.635024071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.635040045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.635055065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.635080099 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.635096073 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.635763884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.635901928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.635956049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.636159897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.636176109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.636246920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.638921022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.639091015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.639106035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.639133930 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.645704985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.645750046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.645786047 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.645853996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.645895958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.646073103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.652909994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.652959108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.653011084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.653026104 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.653062105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.660100937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.660240889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.660254955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.660286903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.667275906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.667342901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.667385101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.667448997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.667488098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.667650938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.674820900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.674890041 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.674925089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.674940109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.674983025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.681526899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.681673050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.681688070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.681718111 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.688546896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.688563108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.688576937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.688618898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.688633919 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.694562912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.694690943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.694716930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.694749117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.702276945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.702361107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.702415943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.745920897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.785073042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.785094976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.785155058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.785162926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.785346985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.785362959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.785377026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.785393000 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.785418034 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.785981894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.786178112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.786192894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.786221981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.786712885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.786727905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.786761045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.787031889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.787046909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.787062883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.787075996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.787096024 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.787797928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.787990093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.788006067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.788034916 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.788507938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.788523912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.788537979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.788552046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.788579941 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.789194107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.789210081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.789225101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.789251089 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.789834976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.789885044 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.790011883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.790028095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.790067911 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.790683985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.790882111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.790896893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.790925980 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.791405916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.791421890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.791435957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.791452885 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.791454077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.791486025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.792294025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.792315006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.792335033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.792337894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.792370081 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.793133020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.793148041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.793162107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.793188095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.793811083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.793826103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.793855906 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.793988943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.794004917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.794028997 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.794327974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.794363976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.794529915 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.794544935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.794559956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.794590950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.795397997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.795413971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.795429945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.795444965 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.795459032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.797040939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.797055006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.797087908 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.797205925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.803246975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.803261042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.803292990 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.804447889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.804492950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.804527044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.810775995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.810791969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.810806036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.810826063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.810866117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.815529108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.815711021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.815754890 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.819255114 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.819267988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.819298983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.822459936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.822649002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.822765112 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.826035976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.826217890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.826260090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.830074072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.830252886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.830267906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.830295086 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.837460995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.837475061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.837490082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.837507963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.837527037 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.842458963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.842482090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.842516899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.845087051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.845155001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.845195055 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.851397991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.851543903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.851557970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.851591110 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.856573105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.856617928 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.856739044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.902029037 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.936070919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936088085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936105967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936131954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.936500072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936516047 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936542034 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.936837912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936852932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.936878920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.937253952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.937269926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.937295914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.937597990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.937613010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.937628031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.937639952 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.937644005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.937664032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.938565016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.938581944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.938596010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.938608885 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.938611984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.938627005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.938643932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.938663006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.939610004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.939661026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.939697027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.939702034 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.939733982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.939763069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.939771891 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.940354109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.940387964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.940388918 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.940423012 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.940454960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.940463066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.940489054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.940529108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.941215038 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.941250086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.941293955 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.941401005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.941435099 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.941478014 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.942207098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.942240953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.942276001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.942285061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.942346096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.942398071 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.943306923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.943361044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.943393946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.943409920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.943428040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.943460941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.943476915 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.943995953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.944031954 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.944048882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.944173098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.944205999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.944216013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.945009947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945044041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945058107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.945076942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945110083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945120096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.945142031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945184946 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.945774078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945807934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.945852041 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.945921898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.946136951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.946166039 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.946183920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.946198940 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.946232080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.946248055 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.951541901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.951570034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.951601028 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.952881098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.952908993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.952928066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.956928015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.956955910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.956975937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.961407900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.961460114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.961539030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.962743998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.962790966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.963072062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.963102102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.963138103 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.963212013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.973678112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.973730087 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.973830938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.973860025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.973906040 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.974153042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.977000952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.977050066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.977159023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.980248928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.980299950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.980374098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.985210896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.985254049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.985276937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.985290051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.985336065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.991604090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.991635084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.991668940 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.991673946 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:10.991702080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:10.991755009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.001475096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.001504898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.001547098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.006050110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.006206989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.006248951 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.014995098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.015098095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.015131950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.015146971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.021634102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.021689892 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.021769047 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.073735952 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.105079889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.105372906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.105386972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.105416059 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.105504036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.105546951 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.105654955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.105669975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.105705023 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.106110096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.106123924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.106137991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.106153011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.106163025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.106185913 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.107044935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107059956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107074976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107090950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107095957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.107105017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107130051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.107821941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107839108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107852936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.107863903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.107888937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.107968092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108891010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108906031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108920097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108932018 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.108935118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108948946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108953953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.108966112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.108995914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.109672070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.109687090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.109702110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.109716892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.109730959 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.109734058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.109743118 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.109766006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.110455990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.110471964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.110510111 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.110606909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.110622883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.110635042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.110661983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.111417055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.111433029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.111445904 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.111462116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.111475945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.111478090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.111501932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.111515045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.112369061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.112401962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.112432957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.112440109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.112468004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.112499952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.112509966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.112531900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.112572908 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.113173962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.113207102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.113246918 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.113336086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.113384962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.113418102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.113424063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.113976002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114010096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114022017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.114145994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114180088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114187956 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.114800930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114835024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114847898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.114866972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114898920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114914894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.114933014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114964962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.114974976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.115276098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.115303993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.115329027 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.125539064 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.125572920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.125582933 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.125606060 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.125642061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.127959967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.127990961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.128029108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.134639978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.134757042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.134794950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.136794090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.136965990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.137003899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.138303041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.138315916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.138353109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.172952890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.173115969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.173131943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.173156977 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.173444986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.173460960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.173475027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.173487902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.173501968 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.174071074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.174083948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.174118996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.175292969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.175487995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.175502062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.175529957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.190623999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.190674067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.190681934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.190711021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.190757036 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.200721979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.200758934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.200792074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.200795889 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.201004982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.201050997 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.201472044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.245596886 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.260263920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.260374069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.260417938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.301727057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.301862001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.301893950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.301947117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.302052975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302088976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302115917 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.302124023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302161932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302196026 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.302791119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302839041 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.302843094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302876949 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302911997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.302917004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.303493977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.303528070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.303541899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.303561926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.303606033 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.303615093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.304316998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.304352045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.304361105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.304384947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.304419041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.304451942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.304452896 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.304668903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.305151939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305186987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305221081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305228949 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.305254936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305286884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305293083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.305949926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305984974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.305996895 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.306020975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306054115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306062937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.306757927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306792974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306806087 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.306823015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306857109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306862116 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.306889057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.306931019 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.307578087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.307612896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.307646990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.307653904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.307679892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.307713032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.307718992 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.308418036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.308451891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.308474064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.308480978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.308515072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.308523893 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.308548927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.308594942 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.309680939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309715986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309751034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309756994 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.309783936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309824944 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.309834003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309890032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309922934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309942007 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.309957027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309988976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.309992075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.310024023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.310055971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.310061932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.310847998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.310883045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.310894966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.310915947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.310950041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.310959101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.310982943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.311028004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.317400932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.317512989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.317547083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.317563057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.317784071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.317830086 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.323750019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.323864937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.323894978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.323905945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.324011087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.324053049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.326644897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.326764107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.326800108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.326826096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.361560106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.361640930 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.361686945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.361720085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.361886024 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.361900091 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.361933947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.361973047 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.362190962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.362334967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.362369061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.362381935 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.362402916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.362440109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.362449884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.362827063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.362916946 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.364280939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.364382029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.364412069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.364428043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.364528894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.364572048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.387068987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.387104034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.387137890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.387154102 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.398391008 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.398463011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.398477077 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.398499966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.398542881 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.398739100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.398870945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.398902893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.398933887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.448754072 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.519937038 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520026922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520045042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520097971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.520245075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520289898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.520365000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520565033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520581007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520610094 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.520826101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520842075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520854950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520865917 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.520872116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.520895004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.521404982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.521420002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.521434069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.521440983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.521450996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.521466970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.521473885 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.521482944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.521507025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.522299051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.522315025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.522327900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.522339106 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.522344112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.522360086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.522367954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.522397995 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.523173094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523189068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523201942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523216963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523221970 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.523233891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523248911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523261070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.523292065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.523842096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523857117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523870945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523885965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523901939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.523907900 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.523942947 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.524775982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.524792910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.524807930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.524822950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.524823904 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.524838924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.524857044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.524857998 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.524874926 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.525731087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.525748014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.525763035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.525773048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.525779009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.525795937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.525804043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.525810957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.525831938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.526652098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.526667118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.526681900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.526690006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.526698112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.526712894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.526720047 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.526730061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.526751041 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.527595043 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.527610064 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.527623892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.527638912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.527641058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.527654886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.527658939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.527698994 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.528404951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528422117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528434038 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528449059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528465033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528480053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528481960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.528489113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.528495073 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528502941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528517008 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.528533936 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.529172897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.529189110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.529217958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.536485910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.536511898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.536525965 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.536623001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.536665916 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.536719084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.541703939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.541796923 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.541799068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.541815996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.541848898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.542027950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.542124987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.542138100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.542166948 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.544431925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.544492960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.544513941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.544528961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.544562101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.577120066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577146053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577177048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577203989 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.577415943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577462912 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.577558041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577697992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577712059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577725887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577733040 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.577743053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.577761889 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.580811024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.580851078 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.580889940 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.580905914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.580948114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.604728937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.604875088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.604908943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.605006933 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.741134882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741229057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741266966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741283894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.741414070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741449118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741468906 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.741485119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741538048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.741877079 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741909027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741941929 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.741990089 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.742259026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742292881 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742316961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.742533922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742562056 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742594957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742598057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.742645025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742677927 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.742677927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742712021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742724895 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.742744923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.742810011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.743484020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.743516922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.743551016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.743582010 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.743583918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.743617058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.743650913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.743699074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.743699074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.744282961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744333982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744364977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744398117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744410038 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.744431019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744458914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.744463921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744497061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744529009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.744555950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.744585991 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.745245934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.745279074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.745311022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.745337009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.745346069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.745378971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.745412111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.745423079 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.745469093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.746172905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746206045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746237993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746260881 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.746270895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746303082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746335030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746345043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.746367931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.746371031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.747126102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747159004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747180939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.747193098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747227907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747260094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747350931 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.747350931 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.747360945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747389078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747421980 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.747435093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.748090029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.748121977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.748146057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.748157024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.748189926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.748223066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.748250961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.748256922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.748267889 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749032021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749064922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749085903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749099970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749133110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749155045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749165058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749200106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749217033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749248981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749253988 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749263048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749768019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749803066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749828100 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749835968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749875069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749907017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749907970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749941111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.749973059 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.749974012 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.750025034 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.760570049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.760668039 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.760699987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.760827065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.765010118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.765077114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.765109062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.765141010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.765197992 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.768776894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.768893957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.768927097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.768980980 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.769084930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.769117117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.769186974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.792704105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.792768955 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.792855978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.792896986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.793009996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.793037891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.793071032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.793104887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.793118000 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.793410063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.793494940 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.793503046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.795131922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.795186043 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.795197010 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.795219898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.795269012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.937529087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937570095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937623978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937638044 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.937659979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937693119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937746048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937766075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.937778950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937812090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.937813997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937845945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937880993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937911987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937920094 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.937920094 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.937944889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.937978029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938010931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938045025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938050032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.938050032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.938079119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938162088 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.938361883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938395023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938427925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938442945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.938461065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938493013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938524961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938529968 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.938560009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.938580990 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.939233065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939265966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939302921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939335108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.939351082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.939353943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939387083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939419985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939440012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.939452887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.939519882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.940157890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.940191031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.940223932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.940257072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.940289021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.940303087 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.940303087 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.940321922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.940380096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.941068888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941102982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941133976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941159964 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.941246986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941324949 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.941432953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941464901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941550016 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.941579103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941613913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.941692114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.944819927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.944854021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.944886923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.944920063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.944941044 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.944969893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.944987059 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945003986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945038080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945070982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945101976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945118904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945118904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945135117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945167065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945188999 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945199966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945233107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945266008 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945288897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945298910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945318937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945333004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945365906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945389986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945398092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945430994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945457935 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945467949 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945518970 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945802927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945836067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945868969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945888042 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.945918083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945951939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.945983887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946017027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946021080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.946021080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.946728945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946762085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946795940 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946827888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946841002 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.946841002 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.946888924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946922064 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.946944952 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.946954966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.947004080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.947573900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.947607040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.947751045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.953911066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.953943014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.953975916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.954025984 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.958050013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.958131075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.958162069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.958185911 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.958225965 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.960942984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.960994005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.961025953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.961102962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.961129904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.961153030 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.986155987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986258984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986293077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986347914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.986499071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986531019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986567974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986783028 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.986905098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986937046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986969948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.986993074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.987276077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.987334967 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:11.988135099 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.988212109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.988245010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:11.988270044 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.042623043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.120408058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120481014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120517969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120553017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.120619059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120651960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120673895 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.120685101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120718956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.120755911 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.121205091 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121253014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121284962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121288061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.121319056 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121351957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121386051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121392965 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.121392965 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.121912003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121949911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.121982098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.121985912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122020960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122054100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122087002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122106075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.122106075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.122119904 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122179031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.122672081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122848988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122881889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122915030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122919083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.122947931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.122972012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.122981071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123013973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123065948 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.123728037 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123761892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123795986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123821974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.123830080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123862982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123894930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123912096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.123912096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.123928070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.123984098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.124613047 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124646902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124677896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124711037 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124718904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.124742985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124768019 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.124775887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124809027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124842882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.124866009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.124896049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.125514030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.125546932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.125580072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.125600100 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.125612974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.125644922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.125678062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.125720978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.125720978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.126399994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126434088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126467943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126499891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126532078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126540899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.126540899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.126564026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126597881 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.126661062 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.127258062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127290964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127331018 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.127343893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127377033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127408981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127409935 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.127443075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127465010 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.127475977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.127532005 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.128160954 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128194094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128226042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128258944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128289938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.128292084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128324986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.128325939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128377914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.128895998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128928900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128961086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.128994942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129026890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129043102 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.129043102 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.129059076 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129092932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129125118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129127979 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.129158974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129223108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.129744053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129777908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129810095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129842997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129883051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.129900932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.129919052 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.129926920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.133071899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.133142948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.133177042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.133210897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.138130903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138164043 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138197899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138199091 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.138247967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138250113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.138282061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138310909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138369083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.138394117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138426065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.138452053 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.170734882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.170770884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.170805931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.170845032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.170845032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.170905113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.170938015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.170970917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.170989037 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.171004057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.171294928 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.171483994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.171672106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.171705961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.171739101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.171772957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.171792030 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.171792030 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.214385986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.298650026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.298778057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.298815012 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.298866034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.298898935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.298911095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.298911095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.298949003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.298981905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299012899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.299264908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299349070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.299405098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299433947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299493074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.299611092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299643993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299676895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299710035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.299729109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.299825907 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.299962044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300010920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300045967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300077915 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300080061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.300112009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300136089 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.300144911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300189972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300199986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.300781965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300813913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300847054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300879002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300889015 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.300889015 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.300911903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300944090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.300976992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301011086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301021099 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.301021099 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.301592112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301624060 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301656961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301680088 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.301688910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301723003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.301754951 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.301774025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.302231073 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.302310944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.302342892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.302369118 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.302376986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.302411079 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.302419901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.302444935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.302489042 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.302495003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303133965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303168058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303198099 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.303199053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303231955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303265095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303297043 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303318024 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.303318977 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.303345919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303380013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303412914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.303934097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303966045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.303997993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304030895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304037094 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.304037094 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.304064035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304096937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304128885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304168940 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.304168940 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.304862022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304894924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304927111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304953098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.304960012 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.304991961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305025101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305058002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305072069 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.305072069 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.305088997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305154085 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.305803061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305835962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305867910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305891037 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.305901051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305933952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305953026 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.305967093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.305998087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306030989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306061983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.306071043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.306756020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306788921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306822062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306854010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306854963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.306889057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306902885 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.306921005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306952000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306986094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.306994915 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.307099104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.307517052 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307550907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307583094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307610989 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.307615042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307648897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307681084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307713985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307718039 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.307738066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.307745934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307777882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.307862043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.307962894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.312021971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.312076092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.312108994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.312155962 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.312155962 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.315238953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.315291882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.315345049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.315347910 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.316912889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.316965103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.316966057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.316996098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.317029953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.317065001 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.351675987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.351735115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.351767063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.351769924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.351815939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.351934910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.351968050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352086067 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.352119923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352154016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352231979 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.352360964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352411985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352444887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352478027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352503061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352524996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.352524996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.352730989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352746010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352761030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352776051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.352798939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.352798939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.401855946 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.495445013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495507956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495544910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495578051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495613098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495632887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.495661974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.495682001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495721102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495749950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.495754957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495788097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495821953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.495831013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.495928049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.496198893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496263981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496298075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496305943 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.496332884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496427059 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.496592045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496624947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496659040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496682882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.496691942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.496736050 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.497145891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497178078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497210979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497243881 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497245073 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.497277021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497311115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497344017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497371912 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.497371912 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.497376919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.497435093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.498009920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498044968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498074055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498115063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.498123884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498158932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498191118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498220921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.498223066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498256922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498290062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498296022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.498296022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.498322964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.498485088 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.499028921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499063969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499097109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499130011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499162912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499170065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.499170065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.499196053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499228001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499248028 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.499262094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499295950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499339104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.499882936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499916077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499937057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.499950886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.499984026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500016928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500051975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500066996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.500066996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.500086069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500118971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500164032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.500819921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500854969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500886917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500920057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500931978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.500931978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.500953913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500986099 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.500997066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.501022100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501055956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501090050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501097918 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.501179934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.501802921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501851082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501883030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501914024 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.501914978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501950026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.501982927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502016068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502026081 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.502026081 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.502051115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502084017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502144098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.502759933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502794027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502827883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502861977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502870083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.502870083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.502893925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502928019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.502959013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503006935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503021002 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503021002 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503047943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503130913 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503400087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503540993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503575087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503607988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503617048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503640890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503658056 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503673077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503707886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503712893 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503741026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503772974 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503807068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.503846884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.503846884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.505702972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.505754948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.505789042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.505834103 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.507191896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.507244110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.507261992 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.507276058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.507350922 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.508043051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.508071899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.508290052 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.508984089 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.508984089 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.535671949 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535742998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535778999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535811901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535845995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535856009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.535856009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.535878897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535912991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535938978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.535947084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.535983086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536050081 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.536103010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536130905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536158085 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.536216021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536248922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536273003 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.536284924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536319017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536353111 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.536551952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536583900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536607981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.536617041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536652088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.536746979 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.537406921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.537406921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.673686028 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.673818111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.673851967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.673887014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.673902035 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.673943996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.673955917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.673990965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674024105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674038887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.674058914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674161911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674220085 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.674226999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674261093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674282074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.674457073 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674489975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674534082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.674619913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674648046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674664021 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.674680948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674714088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674747944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674757957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.674781084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.674786091 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675098896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675131083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675164938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675183058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675198078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675205946 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675231934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675266981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675317049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675579071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675625086 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675685883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675719023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675751925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675785065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675807953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675818920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675829887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.675853968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675883055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.675929070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.676294088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676326990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676337004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.676359892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676393986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676426888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676436901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.676467896 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.676708937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676872015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676907063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676940918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676950932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.676974058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.676981926 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.677006960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677042007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677073956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677088976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.677108049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677117109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.677140951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677797079 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677829981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677853107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.677862883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677877903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.677896023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677923918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677956104 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677967072 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.677989960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.677997112 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.678024054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678056955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678088903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678111076 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.678138971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.678699970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678733110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678765059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678776979 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.678798914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678831100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678863049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678874969 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.678895950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.678906918 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.678931952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679035902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.679295063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679346085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679397106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679430962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679442883 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.679464102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679470062 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.679497957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679529905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679563046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679572105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.679594994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.679605961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.679627895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680357933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680392027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680404902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.680423975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680428028 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.680457115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680489063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680490971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.680521965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680555105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680587053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680602074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.680619955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.680629969 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.680654049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681301117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681334019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681349993 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.681368113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681376934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.681401014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681432962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681468010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681482077 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.681500912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681512117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.681535006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681567907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681600094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.681612015 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.681643009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.682005882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.682040930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.682550907 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.682754993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.682782888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.682816029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.682863951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.682868004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.682908058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.684078932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.684176922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.684210062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.684263945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.684983015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.685026884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.685034037 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.693308115 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.715492010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715558052 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.715562105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715620041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715655088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715688944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715706110 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.715722084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715730906 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.715774059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715806961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715841055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715852022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.715873957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715883017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.715907097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715935946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715967894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.715986967 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.716001034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716012001 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.716036081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716068029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716113091 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.716119051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716152906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716156960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.716185093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716217041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716248989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716259956 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.716280937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.716291904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.733064890 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.758544922 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.841855049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.841897964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.841953039 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.841964006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.841989040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842024088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842057943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842072010 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842111111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842147112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842159986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842175007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842210054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842243910 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842305899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842339993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842351913 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842372894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842410088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842422009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842458010 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842565060 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842597008 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842629910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842662096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842673063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842703104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.842715979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.842749119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843015909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843035936 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843045950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843079090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843112946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843123913 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843144894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843156099 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843177080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843215942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843259096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843518019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843550920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843565941 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843585014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843619108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843652010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843662024 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843684912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843693018 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843718052 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843878984 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.843964100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.843996048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844029903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844063044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844064951 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844096899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844103098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844132900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844268084 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844495058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844546080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844578981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844611883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844630957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844645023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844656944 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844679117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844712973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844746113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844748974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844779968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844788074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.844811916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844845057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.844856024 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.845453978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845489025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845505953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.845523119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845556021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845587969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845592976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.845621109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845628977 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.845654011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845686913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845720053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845730066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.845752001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845761061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.845784903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845818996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.845865011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.846318960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846353054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846386909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846405983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.846420050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846426964 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.846452951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846487045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846522093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846534014 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.846563101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.846853018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846887112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846920013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846954107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846967936 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.846987009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.846995115 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.847018957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847053051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847085953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847100019 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.847119093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847127914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.847151041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847186089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847229958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.847817898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847852945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847884893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847901106 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.847918034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847925901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.847949982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.847982883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848016024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848026991 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848048925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848054886 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848082066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848115921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848149061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848159075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848189116 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848731995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848767042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848798990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848831892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848844051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848865986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848874092 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848898888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848931074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848963022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.848975897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.848997116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.849003077 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.849030972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.849064112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.849098921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.849107981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.849140882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.849519014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.850754023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.850788116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.850841045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.851885080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.851950884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.851954937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.851969957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.853167057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.853213072 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.853226900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.853243113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.853265047 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.859117985 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.885595083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.885668993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.885704041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.885723114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.885744095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.885807991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.885842085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.885889053 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.885968924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886001110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886113882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.886188984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886221886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886255026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886287928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886301041 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.886322975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886327028 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.886621952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886656046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886688948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886707067 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.886722088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886729956 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.886755943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886789083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886823893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886833906 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.886852026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:12.886864901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.887923956 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:12.887939930 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.009557009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009614944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009690046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009725094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009742022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.009762049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009766102 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.009803057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009831905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.009881973 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.009974957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010009050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010019064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010044098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010077000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010109901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010117054 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010150909 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010201931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010266066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010298967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010332108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010339022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010373116 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010529995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010564089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010597944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010631084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010652065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010668039 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010673046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.010927916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010960102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.010993958 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011004925 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011029959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011063099 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011069059 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011094093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011101007 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011126995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011159897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011171103 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011421919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011455059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011468887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011487961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011521101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011554956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011563063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011589050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011596918 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.011893988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011943102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011976004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.011985064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012008905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012016058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012044907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012077093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012110949 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012116909 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012144089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012149096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012178898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012669086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012701035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012713909 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012734890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012742996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012767076 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012799978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012831926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012840033 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012866020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012873888 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012897968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012928963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012960911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.012969971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.012994051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013003111 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.013027906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013183117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.013612986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013645887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013679028 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013711929 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013720036 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.013742924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013751984 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.013776064 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013803959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013817072 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.013835907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013869047 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013901949 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013951063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013987064 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.013998032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.013998032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.014029980 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.014374971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014425993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014458895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014492035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014504910 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.014524937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014530897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.014558077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014590979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014622927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014631033 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.014661074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014666080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.014693022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014725924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.014729977 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015393019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015427113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015444994 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015459061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015491962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015528917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015536070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015562057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015568018 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015594959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015626907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015657902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015666008 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015691042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015697002 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015705109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015723944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015755892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015772104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.015786886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.015825987 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.016232014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016264915 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016318083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016350985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016365051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.016382933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016395092 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.016417027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016448975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016483068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016493082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.016515017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016525030 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.016547918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016580105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016612053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.016622066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.016654968 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.017194033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017227888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017260075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017270088 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.017292976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017326117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017359018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017369986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.017391920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017401934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.017425060 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017457962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.017507076 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.021071911 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.021114111 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.023117065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.023145914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.023196936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.023201942 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.023226023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.023273945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.024388075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.024660110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.024707079 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.024710894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.024740934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.024772882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.024816036 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.026352882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.026422977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.026454926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.026484013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.026498079 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.040563107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.059767962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.059823990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.059859037 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.059906006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.059921026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.059953928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.059963942 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.059988022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060089111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060117006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060132980 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060161114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060190916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060225964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060288906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060328960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060415983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060445070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060458899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060478926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060513020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060545921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060549974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060587883 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060657024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060736895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060765028 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060805082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060874939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060903072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060916901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.060935020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.060969114 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.061007977 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.061075926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.061109066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.061116934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.061141968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.061175108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.061214924 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172378063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172425032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172504902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172544003 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172558069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172594070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172631025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172652960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172665119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172678947 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172699928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172750950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172776937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172785044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172817945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172827959 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172852039 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172884941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172919989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172933102 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172952890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.172972918 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.172986031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173013926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173063993 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173070908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173105001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173137903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173146963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173172951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173182011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173224926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173258066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173291922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173300028 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173326969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173331022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173362017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173440933 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173583031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173610926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173644066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173676968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173708916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173737049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173743010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173775911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173800945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.173809052 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.173856020 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174047947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174081087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174113989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174135923 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174153090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174185991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174201012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174217939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174252033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174267054 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174285889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174331903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174654961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174690008 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174725056 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174738884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174760103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174793959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174820900 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174828053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174863100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174881935 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.174896955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174931049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.174978018 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.175474882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175518990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175532103 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.175555944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175590992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175625086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175630093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.175661087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175674915 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.175694942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175729036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175764084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175776958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.175800085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175812006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.175913095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175946951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175981045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.175992012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176014900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176028967 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176052094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176084995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176119089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176132917 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176151991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176166058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176186085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176218033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176250935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176265001 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176285028 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176299095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176743031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176778078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176791906 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176829100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176865101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176881075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176898956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176933050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176943064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.176965952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.176999092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177021027 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177033901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177067995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177083015 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177100897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177134991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177150011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177167892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177216053 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177561998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177745104 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177781105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177800894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177814007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177849054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177859068 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177879095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177911997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177928925 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.177946091 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.177978992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178013086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178025961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178046942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178061008 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178081036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178113937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178143978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178477049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178527117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178659916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178694010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178729057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178740025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178762913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178764105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178796053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178824902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178831100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178845882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178864002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178898096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178911924 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178930998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178944111 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.178965092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.178997993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.179045916 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.179476976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.179512024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.179546118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.179559946 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.179579020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.179593086 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.179656982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.179701090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.181727886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.181763887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.181782007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.181797981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.181812048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.181828022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.181864023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.182044983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.182849884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.182903051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.182918072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.182945013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.184096098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.184140921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.184151888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.184166908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.184206963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.184684038 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.184708118 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.220689058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220746040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220779896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220794916 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.220814943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220902920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220935106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220952034 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.220968962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.220993042 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221023083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221164942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221199989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221213102 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221246958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221298933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221333027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221465111 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221498013 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221510887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221532106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221544981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221622944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221654892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221671104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221692085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221738100 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221807003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221839905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221884012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.221939087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.221966982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.222001076 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.222012997 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.222080946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.222114086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.222129107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.276920080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314251900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314299107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314335108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314368963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314403057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314431906 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314445019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314480066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314513922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314522982 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314547062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314599991 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314631939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314644098 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314666986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314675093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314721107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314770937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314804077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314812899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314836979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314846039 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314867020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314902067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314935923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.314944983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314977884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.314990997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315083027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315116882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315150023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315160990 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315185070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315192938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315355062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315383911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315409899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315416098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315449953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315462112 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315483093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315515995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315529108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315550089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315584898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315593958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315747023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315805912 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315857887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315891981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315923929 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315937042 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.315958023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.315990925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316004992 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316028118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316076040 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316273928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316308022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316342115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316356897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316376925 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316411018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316426039 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316443920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316478014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316502094 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316512108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316545010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316566944 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316920042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316948891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.316971064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.316981077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317015886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317034960 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317053080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317086935 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317104101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317118883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317152977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317167997 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317186117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317219973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317234993 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317253113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317286968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317308903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317320108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317358017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317364931 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317388058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317691088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317723989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317743063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317769051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317775965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317810059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317843914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317877054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317888975 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317910910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317922115 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.317944050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.317979097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318011999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318022966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318048000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318057060 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318084002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318460941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318506956 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318511009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318545103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318557978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318578959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318614006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318628073 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318649054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318682909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318696022 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318717003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318749905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318762064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.318783998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.318829060 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.319197893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319231987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319264889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319281101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.319298983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319353104 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319387913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319401979 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.319421053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319432974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.319453955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319487095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319499969 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.319520950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319555044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319566011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.319587946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319622040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.319644928 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320034981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320069075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320096016 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320121050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320154905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320167065 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320188999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320223093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320238113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320255995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320290089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320324898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320338964 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320358992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320372105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320393085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320425987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320460081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320476055 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320486069 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320497990 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320508003 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320621014 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.320929050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320962906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.320997000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321014881 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.321037054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321046114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.321070910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321104050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321156979 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.321382999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321422100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321432114 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.321518898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321532965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321548939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321557045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.321564913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.321594954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.322601080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.322638988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.322647095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.322654009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.322868109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.323431015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.323443890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.323487043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.323498011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.323510885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.323548079 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.326348066 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.358958006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359014034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359046936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359080076 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359081984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359127998 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359217882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359251976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359380960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359414101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359431982 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359447956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359453917 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359540939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359661102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359693050 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359705925 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359736919 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359791040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359823942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359860897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.359904051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.359982967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360028982 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.360094070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360126972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360179901 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.360244989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360276937 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360311985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360344887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360359907 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.360377073 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360389948 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.360486031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360515118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360560894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.360564947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360593081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.360614061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.401851892 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.412992001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.413057089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.419051886 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.469990015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470040083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470069885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470103979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470127106 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470144033 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470215082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470305920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470340967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470392942 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470439911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470474958 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470490932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470515966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470542908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470591068 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470645905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470679045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470695972 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470712900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470746040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470791101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470877886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470906973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470921993 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.470958948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.470993042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471035957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471096992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471131086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471143961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471163988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471191883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471225023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471231937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471261024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471287966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471426010 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471458912 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471493006 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471494913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471537113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471584082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471612930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471646070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471681118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471687078 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471714020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471822023 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471865892 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471899033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471910954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.471934080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471966982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.471999884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472009897 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472038031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472152948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472182035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472213984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472248077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472259998 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472280979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472290993 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472313881 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472347021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472379923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472385883 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472412109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472429991 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472460032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472501993 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472666025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472700119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472733021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472765923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472769976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472799063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472810030 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472829103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472860098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472894907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472903967 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472929001 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472935915 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.472961903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.472996950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473072052 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473216057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473246098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473268032 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473294973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473330021 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473330975 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473361969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473395109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473428965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473437071 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473462105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473474026 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473491907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473522902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473556995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473562956 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473598003 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473606110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473639011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473670959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473704100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473726988 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.473732948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473767042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.473769903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474133015 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474167109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474184990 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474201918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474211931 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474236965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474266052 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474298000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474309921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474333048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474335909 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474365950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474399090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474431992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474441051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474466085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474473953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474498987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474531889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474565029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474584103 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474598885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474608898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.474632025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474666119 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.474706888 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475166082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475200891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475233078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475254059 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475265026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475280046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475294113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475347996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475382090 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475390911 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475415945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475436926 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475449085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475481987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475517035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475528955 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475548983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475558996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475581884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475615025 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475650072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475661039 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475682020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.475683928 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.475966930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476000071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476032019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476061106 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476064920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476098061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476108074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476130009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476136923 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476162910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476191998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476221085 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476224899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476258039 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476278067 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476289988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476322889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476356030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476361990 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476388931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476394892 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476421118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476453066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476461887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476481915 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476515055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476555109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476663113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476696968 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476914883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476950884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.476965904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.476984024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477016926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477051020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477060080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477085114 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477089882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477118969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477152109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477184057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477193117 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477216005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477222919 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477246046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477279902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477313995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477324009 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477345943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477354050 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477380037 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477413893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477447033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477456093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477485895 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.477655888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477701902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.477746964 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.479743004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.479795933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.479831934 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.479895115 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.479912043 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.479948044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.479974031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.481093884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.481137991 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.481146097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.481178999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.481358051 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.481883049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.481899023 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.482505083 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.482517958 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.482533932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.482557058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.482557058 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.483232021 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.502099037 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.533890963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.533936024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534004927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534061909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534099102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534122944 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534122944 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534151077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534179926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534199953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534214020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534249067 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534282923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534303904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534317970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534327030 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534357071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534564018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534610033 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534616947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534652948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534657001 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.534735918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534768105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.534811974 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536207914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536242008 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536268950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536278009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536351919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536385059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536400080 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536420107 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536431074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536670923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536705971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536740065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536772966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536775112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536789894 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536811113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536845922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536859035 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.536880016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.536927938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.648828030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.648870945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.648911953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.663707972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.663767099 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.663817883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.663819075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.663856983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.663887024 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.663911104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.663921118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.663955927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664007902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664046049 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664081097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664088964 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664177895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664211988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664242029 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664325953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664360046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664369106 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664395094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664423943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664462090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664488077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664540052 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664549112 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664573908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664624929 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664685011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664719105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664752007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664760113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664784908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664819002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.664863110 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.664974928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665009022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665046930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665059090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665117025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665141106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665191889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665225029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665235043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665257931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665292978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665316105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665323019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665373087 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665565014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665612936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665647030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665680885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665687084 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665714979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665744066 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665766954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665776014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665798903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.665812016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665841103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.665854931 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666009903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666043997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666079044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666112900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666146994 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666162014 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666289091 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666323900 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666337013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666356087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666389942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666424036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666457891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666469097 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666469097 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666491985 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666526079 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666558981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666568995 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666593075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666625977 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666656971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666675091 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666759014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666793108 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666826963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666861057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666893959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666899920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666899920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.666922092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666955948 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666989088 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.666992903 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667022943 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667042017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667058945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667093992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667135000 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667496920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667526007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667558908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667591095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667593002 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667599916 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667625904 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667659998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667668104 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667687893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667721033 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667737961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667754889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667789936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667819977 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667823076 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667857885 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.667865038 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.667998075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668028116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668041945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668061972 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668097019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668107033 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668129921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668163061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668196917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668211937 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668230057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668257952 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668291092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668301105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668301105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668323994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668351889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668368101 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668384075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668418884 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668425083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668447018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668483019 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668809891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668843031 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668876886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668905973 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668910027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668945074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.668958902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.668973923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669007063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669012070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669042110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669075012 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669107914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669114113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669141054 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669156075 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669174910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669209003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669231892 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669241905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669275045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669282913 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669442892 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669730902 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669764996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669794083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669797897 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669832945 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669837952 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669867992 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669900894 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669934988 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.669934988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669967890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.669998884 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670001030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670036077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670046091 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670068979 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670099020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670109987 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670130968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670165062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670200109 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670206070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670233011 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670249939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670485973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670515060 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670547009 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670552015 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670581102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670614004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670619011 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670648098 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670681000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670715094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670725107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670725107 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670747995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670782089 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670799017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670810938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670844078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670877934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670878887 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670911074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670922041 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.670944929 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.670984983 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.671279907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.671333075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.671366930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.671390057 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.671401978 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.671436071 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.671457052 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.671469927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.671545982 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.672210932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.676702976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.676970005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.676994085 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.677012920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.677012920 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.677030087 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.677046061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.677062988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.677069902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.677082062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.677088976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.677172899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.680136919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.680150986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.680166960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.680229902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.680247068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.680263042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.680279016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.680303097 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.680315971 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.726680040 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726711035 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726744890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726816893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726850986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726854086 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.726854086 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.726885080 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726924896 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.726953983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.726983070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.727018118 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.727057934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.727088928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.727123022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.727143049 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.727157116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.727209091 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.728027105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.728141069 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.728171110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.728214025 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.728221893 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.728256941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.728282928 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.728292942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.728338957 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.729643106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729672909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729708910 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729743958 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.729759932 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729793072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729826927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729863882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.729863882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.729899883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729953051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.729981899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730017900 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.730048895 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730082989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730098963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.730115891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730175972 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.730199099 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730226994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730278969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730309963 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.730313063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730348110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.730390072 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.776906013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829291105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829324007 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829375029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829421043 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829423904 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829457045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829485893 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829507113 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829540014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829559088 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829572916 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829602957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829616070 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829636097 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829670906 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829699039 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829699993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829731941 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829740047 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829766989 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.829833031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.829988956 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830204964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830240965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830274105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830276012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830338001 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830355883 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830389023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830423117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830434084 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830456018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830490112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830499887 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830523014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830566883 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830686092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830718994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830750942 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830759048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830785036 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830900908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830933094 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.830961943 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.830965042 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831034899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831068993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831074953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831074953 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831254005 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831286907 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831305981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831342936 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831393003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831425905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831445932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831459999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831492901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831520081 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831526041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831532955 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831753969 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831789017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831820965 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831842899 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831855059 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831876040 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831887960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831919909 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831948996 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831980944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.831988096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.831988096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832252026 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832284927 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832314014 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832317114 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832350016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832385063 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832402945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832416058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832448959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832461119 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832477093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832509995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832529068 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832559109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832560062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832587957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832637072 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832669973 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832675934 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832700968 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832735062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832756996 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832768917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832794905 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832802057 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832835913 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832878113 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832885981 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832920074 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832952976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.832953930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.832983017 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833000898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833038092 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833072901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833087921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833106995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833139896 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833168030 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833203077 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833203077 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833203077 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833237886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833271027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833285093 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833302975 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833336115 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833348989 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833370924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833401918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833410978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833436012 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833468914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833473921 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833503962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833542109 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833724976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833756924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833791018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833800077 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833823919 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833865881 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833873987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833901882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833935976 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.833954096 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.833970070 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834001064 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834022045 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834033966 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834063053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834095955 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834104061 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834127903 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834161997 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834194899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834201097 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834201097 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834388971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834422112 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834455967 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834461927 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834500074 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834541082 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834574938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834608078 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834640980 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834661007 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834673882 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834691048 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834726095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834759951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834791899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834801912 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834820986 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834851980 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834881067 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834883928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834917068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834934950 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834949970 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.834975004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.834981918 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835016012 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835406065 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835439920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835474014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835505962 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835514069 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835558891 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835561037 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835593939 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835624933 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835654020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835686922 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835686922 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835686922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835720062 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835752964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835786104 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835819006 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835824013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835824013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.835851908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835885048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.835901976 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836139917 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836169004 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836185932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836200953 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836235046 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836241961 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836306095 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836339951 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836373091 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836405993 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836426020 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836426973 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836436987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836471081 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836503029 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836507082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836535931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836546898 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836568117 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836602926 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836611986 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836633921 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836667061 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836694002 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.836699963 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836733103 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.836775064 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.839781046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.839781046 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.840857983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.840886116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.840919018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.840928078 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.840951920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.840974092 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.841006041 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.841042995 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.841056108 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.841074944 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.841108084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.841137886 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.841166019 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.841170073 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.841182947 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.842866898 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.842880964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.842896938 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.842941999 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.842941999 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.843030930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.843045950 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.843086004 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.850446939 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.877444983 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877496958 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877531052 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877563000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877595901 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877605915 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.877605915 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.877645016 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877679110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877711058 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877743959 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877748966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.877748966 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.877778053 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.877832890 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.878292084 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878456116 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878484964 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878505945 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.878518105 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878551960 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878576994 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.878583908 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878617048 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878706932 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.878782034 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.878838062 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.879568100 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.879748106 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.879781961 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.879816055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.879844904 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.879849911 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.879873991 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.880038023 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880069971 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880105019 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880137920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880157948 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.880172014 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880201101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880234957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880243063 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.880244017 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.880269051 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880300999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880309105 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.880335093 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.880565882 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.933274031 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.972120047 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972176075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972209930 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972249985 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.972318888 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972352982 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972387075 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972426891 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.972428083 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.972707987 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972757101 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972790003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972805023 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.972822905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972856045 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972872972 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.972888947 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972923994 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.972966909 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973031998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973064899 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973097086 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973104954 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973129988 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973162889 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973195076 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973205090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973205090 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973228931 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973330975 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973594904 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973628044 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973660946 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973707914 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973707914 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973741055 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973771095 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973773003 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973807096 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973861933 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973923922 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973963022 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.973989010 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.973995924 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974030018 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974062920 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974096060 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974107027 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974107981 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974129915 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974162102 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974195957 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974227905 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974227905 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974261999 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974272013 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974298000 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974348068 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974567890 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974601984 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974632978 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974637032 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974668980 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974700928 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974710941 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974734068 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974767923 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974800110 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974813938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974813938 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.974874020 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.974927902 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.982862949 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.986226082 CEST497309697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:13.990061998 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:13.993700027 CEST969749730185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:22.344957113 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:22.350522995 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:22.350605965 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:22.350714922 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:22.356100082 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.203424931 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.203466892 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.203526974 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.211091042 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.216587067 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.466121912 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.466325998 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.471961975 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.719758034 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.722223997 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.727735996 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.727817059 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.733247995 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.978339911 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.981426954 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.986880064 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:23.987054110 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:23.992670059 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.237504005 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.237555981 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.237940073 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.317025900 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.317169905 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.317228079 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.317332029 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322410107 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322537899 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322603941 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322624922 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322695017 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322698116 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322745085 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322746038 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322773933 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322797060 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322848082 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322874069 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.322948933 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.322976112 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.323004961 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.323012114 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.323040962 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.323045015 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.323069096 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.323103905 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.323132038 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.327672005 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.327744007 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.327768087 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.327814102 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.327889919 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.327950954 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328078032 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328154087 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328192949 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328221083 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328247070 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328253984 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328280926 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328318119 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328368902 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328438997 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328443050 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328490973 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328527927 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328558922 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328596115 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328624964 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328625917 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328690052 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.328700066 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.328778982 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.333136082 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.333353996 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.333528042 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.333659887 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.333748102 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.333837986 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334033012 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334150076 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334182024 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334208965 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334255934 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334284067 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334460974 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334527016 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334554911 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334603071 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334630013 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334657907 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334685087 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.334712029 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.842061996 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.886358023 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.974495888 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.974612951 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.974669933 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.974765062 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.974795103 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:24.980179071 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980221033 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980251074 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980308056 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980339050 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980392933 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980470896 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980499983 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980526924 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980555058 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980606079 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980638981 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980674028 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980701923 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:24.980730057 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.235872984 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.292829990 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:25.654758930 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:25.654881954 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:25.654948950 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:25.660705090 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660792112 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660820961 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660852909 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660881996 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660908937 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660921097 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:25.660937071 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660969973 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.660998106 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.666389942 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.912162066 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:25.964531898 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:26.917609930 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:26.924348116 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:26.924498081 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:26.929893017 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:27.174925089 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:27.175097942 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:27.175178051 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:27.180537939 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:27.180948019 CEST969749735185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:27.181123972 CEST497359697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:32.168036938 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:32.175350904 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:32.175503016 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:32.175609112 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:32.182415962 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.030827045 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.030900955 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.030982018 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:33.159796000 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:33.165194035 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.430418968 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.432202101 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:33.437622070 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.737052917 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.744617939 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:33.750006914 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:33.750116110 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:33.755533934 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.007042885 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.010761023 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.017668962 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.017746925 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.025171041 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.291414022 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.293560028 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.293668985 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.293709040 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.293745041 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.293776989 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.293776989 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.294414997 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.294450045 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.294491053 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.304300070 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.304333925 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.304368973 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.304368973 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.304425001 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.315445900 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.315479040 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.315514088 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.315534115 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.370904922 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.410614014 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.410689116 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.410707951 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.410839081 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.410963058 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.411011934 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.411026001 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.453365088 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.453399897 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.453444958 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.453449965 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.453499079 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.457657099 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.457710028 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.457741976 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.457767963 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:34.465054035 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:34.465125084 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.550141096 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.555623055 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.555696011 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.561002016 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.815119982 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.815165043 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.815200090 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.815243959 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.824243069 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.824330091 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.827303886 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.827352047 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.827385902 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.827403069 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.833081961 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.833133936 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.833148956 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.833182096 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.833233118 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.841037035 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.841140032 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.841172934 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.841212988 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.886332035 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.931262970 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931418896 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931457043 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931499958 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.931507111 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931554079 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931587934 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.931756973 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931823969 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.931826115 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931859970 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.931936979 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.932486057 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.938189030 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.938222885 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.938297033 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.938297033 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.938324928 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.938379049 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.941309929 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.941343069 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.941406012 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.941420078 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.941493988 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.941622972 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.941657066 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.941740990 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.949956894 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.950221062 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.950253963 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.950289011 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.950309992 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.950323105 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.950387955 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.957982063 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.958075047 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.958107948 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.958117008 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.958179951 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:36.958404064 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.958436012 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:36.958539963 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.048563957 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.048685074 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.048715115 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.048748970 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.048751116 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.048785925 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.048823118 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.049335003 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.049370050 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.049393892 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.049442053 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.049499035 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.049530983 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.049562931 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.049617052 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.050101042 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.050211906 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.050295115 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.050316095 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.050825119 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.050879002 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.050888062 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.050911903 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.050961971 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.054974079 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055028915 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055079937 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.055119991 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055188894 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055203915 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055239916 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.055694103 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055727959 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.055747032 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.058062077 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058132887 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058147907 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.058149099 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058207989 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.058243036 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058258057 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058273077 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058304071 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.058342934 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.058393002 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.059007883 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.059057951 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.059072971 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.059106112 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.059145927 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.059194088 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.066865921 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.066890001 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.066905975 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.066922903 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.066941023 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.066994905 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.067008972 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067024946 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067084074 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.067243099 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067306042 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067346096 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067357063 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.067389965 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067439079 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.067806959 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067845106 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.067897081 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.074707985 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.074726105 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.074781895 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.074805021 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.074836016 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.074860096 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.074887991 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.075030088 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075052023 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075089931 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.075599909 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075618982 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075671911 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.075731039 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075778961 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.075814962 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075835943 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.075875998 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.177643061 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.177772999 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.177824020 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.177830935 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.177858114 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.177890062 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.177906036 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.177922964 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.177962065 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.178097963 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.178149939 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.178181887 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.178194046 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.178302050 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.178334951 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.178352118 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.178368092 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.178406954 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.179173946 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.179208040 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.179240942 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.179248095 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.179337978 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.179372072 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.179384947 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.179406881 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.179455996 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.180042982 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.180095911 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.180129051 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.180140972 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.180255890 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.180288076 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.180304050 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.180322886 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.180367947 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.180982113 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.181032896 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.181070089 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.181083918 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.181206942 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.181238890 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.181253910 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.181273937 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.181313992 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.181951046 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182001114 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182034969 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182043076 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.182176113 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182209015 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182220936 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.182244062 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182286978 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.182913065 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.182992935 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183027029 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183043003 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.183132887 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183166027 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183186054 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.183198929 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183238983 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.183880091 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183932066 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183964968 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.183974981 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.184029102 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.184063911 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.184067965 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.184097052 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.184140921 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.184828997 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.184880018 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.184912920 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.184921026 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.184990883 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.185023069 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.185034037 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.185056925 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.185096979 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.185779095 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.185854912 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.185888052 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.185902119 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.185971975 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186003923 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186012030 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.186037064 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186078072 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.186757088 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186805964 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186839104 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186847925 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.186918020 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186949968 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.186956882 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.186981916 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187021017 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.187587976 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187637091 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187669992 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187676907 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.187825918 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187858105 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187882900 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.187894106 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187926054 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.187932968 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.188631058 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.188666105 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.188684940 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.191879034 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.191929102 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.191934109 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.191961050 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.191998005 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.192070007 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192102909 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192137003 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192142010 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.192171097 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192207098 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192210913 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.192240000 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192274094 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192292929 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.192362070 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192390919 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.192411900 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.245851994 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282454014 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282500029 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282561064 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282597065 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282630920 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282632113 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282668114 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282706022 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282721043 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282754898 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282785892 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282809973 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282819033 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282870054 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282870054 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282891989 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282902956 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282937050 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.282963037 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.282968998 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.283006907 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.283023119 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.283035994 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.283087015 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.452064991 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.457844973 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.457916975 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.463625908 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.710062027 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.710118055 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.710175037 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.710248947 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.710299015 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.710299969 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.710980892 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.711036921 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.711074114 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.711090088 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.712080002 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.712136984 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.712163925 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.712193012 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.712227106 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.712240934 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.713219881 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.713272095 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.713283062 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.713304996 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.713351965 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.714308023 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.714335918 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.714401960 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.714426041 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.714453936 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.714497089 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.715625048 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.715699911 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.715733051 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.715751886 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.716669083 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.716696978 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.716720104 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.716748953 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.716775894 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.716797113 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.717735052 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.717787027 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.717809916 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.717842102 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.717888117 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.718945980 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.719058990 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.719091892 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.719113111 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.719902992 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.719955921 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.719957113 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.719990969 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.720041037 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.720041990 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.721146107 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.721178055 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.721201897 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.721213102 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.721257925 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.722171068 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.722222090 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.722287893 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.722337961 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.722379923 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.722428083 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.723351955 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.723400116 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.723433971 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.723453045 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.723480940 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.723525047 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.724787951 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.724837065 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.724885941 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.724917889 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.724946022 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.724986076 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.725898981 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.725946903 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.725991011 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.725996971 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.726025105 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.726066113 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.727029085 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.776930094 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.803112984 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.808645010 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:37.808703899 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:37.814263105 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:38.077871084 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:38.078023911 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:38.083522081 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:38.174390078 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:38.184592962 CEST969749738185.196.11.237192.168.2.4
                                          Oct 26, 2024 07:08:38.184662104 CEST497389697192.168.2.4185.196.11.237
                                          Oct 26, 2024 07:08:38.434756994 CEST49739443192.168.2.4193.149.185.109
                                          Oct 26, 2024 07:08:38.434808969 CEST44349739193.149.185.109192.168.2.4
                                          Oct 26, 2024 07:08:38.434972048 CEST49739443192.168.2.4193.149.185.109
                                          Oct 26, 2024 07:08:38.434972048 CEST49739443192.168.2.4193.149.185.109
                                          Oct 26, 2024 07:08:38.435019016 CEST44349739193.149.185.109192.168.2.4
                                          Oct 26, 2024 07:08:39.286358118 CEST44349739193.149.185.109192.168.2.4
                                          Oct 26, 2024 07:08:39.286511898 CEST49739443192.168.2.4193.149.185.109
                                          Oct 26, 2024 07:08:39.290543079 CEST49739443192.168.2.4193.149.185.109
                                          Oct 26, 2024 07:08:39.290555954 CEST44349739193.149.185.109192.168.2.4
                                          Oct 26, 2024 07:08:39.290946960 CEST44349739193.149.185.109192.168.2.4
                                          Oct 26, 2024 07:08:39.292418003 CEST49739443192.168.2.4193.149.185.109
                                          Oct 26, 2024 07:08:39.335366964 CEST44349739193.149.185.109192.168.2.4

                                          HTTPS Proxied Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.449739193.149.185.1094437760C:\Windows\System32\dllhost.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-26 05:08:39 UTC2OUTData Raw: 0d 0a
                                          Data Ascii:
                                          2024-10-26 05:08:39 UTC159OUTData Raw: a1 43 00 a1 53 00 a1 42 ce 67 1c 63 db a1 50 91 86 a1 4e d9 26 7b 45 33 42 39 32 45 41 41 2d 46 35 43 37 2d 34 37 46 38 2d 41 34 38 37 2d 46 34 36 36 46 34 32 30 33 35 41 31 7d a1 44 d9 2a 49 6e 74 65 6c 28 52 29 20 38 32 35 37 34 4c 20 47 69 67 61 62 69 74 20 4e 65 74 77 6f 72 6b 20 43 6f 6e 6e 65 63 74 69 6f 6e a1 41 ab 31 39 32 2e 31 36 38 2e 32 2e 34 a1 4b ad 32 35 35 2e 32 35 35 2e 32 35 35 2e 30 a1 4d c4 06 ec f4 bb ea 15 88 a1 47 ab 31 39 32 2e 31 36 38 2e 32 2e 31
                                          Data Ascii: CSBgcPN&{E3B92EAA-F5C7-47F8-A487-F466F42035A1}D*Intel(R) 82574L Gigabit Network ConnectionA192.168.2.4K255.255.255.0MG192.168.2.1


                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:01:08:00
                                          Start date:26/10/2024
                                          Path:C:\Users\user\Desktop\UGcjMkPWwW.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\UGcjMkPWwW.exe"
                                          Imagebase:0x3d0000
                                          File size:433'152 bytes
                                          MD5 hash:14988E9D35A0C92435297F7B2821DC60
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000000.1707524321.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1742681763.0000000003C00000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.1740844173.00000000003C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1742866792.0000000003E20000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.1743471717.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:1
                                          Start time:01:08:04
                                          Start date:26/10/2024
                                          Path:C:\Windows\SysWOW64\OpenWith.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\openwith.exe"
                                          Imagebase:0xf20000
                                          File size:107'368 bytes
                                          MD5 hash:0ED31792A7FFF811883F80047CBCFC91
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000003.1743648406.0000000000C40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000003.1768649425.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1745436761.0000000005180000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1745270453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000002.1827092674.00000000046E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:moderate
                                          Has exited:true

                                          General

                                          Target ID:2
                                          Start time:01:08:12
                                          Start date:26/10/2024
                                          Path:C:\Windows\System32\OpenWith.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\system32\openwith.exe"
                                          Imagebase:0x7ff6d7750000
                                          File size:123'984 bytes
                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1901618122.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1900288624.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.2116742078.00000251D5511000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1906943216.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1900970366.00000251D50F3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1904033708.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1902184169.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1903499792.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1905062934.00000251D50FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1900141786.00000251D50F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1903745557.00000251D50FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.1876203189.00000251D5311000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.1876369505.00000251D53C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1901371041.00000251D50FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:6
                                          Start time:01:08:33
                                          Start date:26/10/2024
                                          Path:C:\Program Files\Windows Media Player\wmlaunch.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Windows Media Player\wmlaunch.exe"
                                          Imagebase:0x7ff6889f0000
                                          File size:96'256 bytes
                                          MD5 hash:836F3636C231980EAD81C84BCA55D82B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          General

                                          Target ID:7
                                          Start time:01:08:36
                                          Start date:26/10/2024
                                          Path:C:\Windows\System32\dllhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\system32\dllhost.exe"
                                          Imagebase:0x7ff70f330000
                                          File size:21'312 bytes
                                          MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:2%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:1.7%
                                            Total number of Nodes:1667
                                            Total number of Limit Nodes:20
                                            execution_graph 8465 427fc0 8466 4298f1 __dosmaperr 14 API calls 8465->8466 8467 427fcd 8466->8467 8363 428b47 8366 428ace 8363->8366 8367 428ada __FrameHandler3::FrameUnwindToState 8366->8367 8374 42b43d EnterCriticalSection 8367->8374 8369 428ae4 8370 428b12 8369->8370 8372 42c0a8 _unexpected 14 API calls 8369->8372 8375 428b30 8370->8375 8372->8369 8374->8369 8378 42b485 LeaveCriticalSection 8375->8378 8377 428b1e 8378->8377 8279 4256c4 8283 4260e0 8279->8283 8282 4256ea 8284 4256d7 GetStartupInfoW 8283->8284 8284->8282 7636 427945 7639 427978 7636->7639 7642 427ec4 7639->7642 7643 427ed1 ___std_exception_copy 7642->7643 7647 427953 7642->7647 7646 427efe 7643->7646 7643->7647 7648 42914d 7643->7648 7645 429127 ___std_exception_destroy 14 API calls 7645->7647 7646->7645 7649 42915b 7648->7649 7650 429169 7648->7650 7649->7650 7655 429181 7649->7655 7651 429d91 __dosmaperr 14 API calls 7650->7651 7652 429171 7651->7652 7653 429cb0 ___std_exception_copy 29 API calls 7652->7653 7654 42917b 7653->7654 7654->7646 7655->7654 7656 429d91 __dosmaperr 14 API calls 7655->7656 7656->7652 7697 42d9c5 7701 42d90e 7697->7701 7698 42d928 7699 42d93c 7698->7699 7700 429d91 __dosmaperr 14 API calls 7698->7700 7702 42d932 7700->7702 7701->7698 7701->7699 7704 42d961 7701->7704 7703 429cb0 ___std_exception_copy 29 API calls 7702->7703 7703->7699 7704->7699 7705 429d91 __dosmaperr 14 API calls 7704->7705 7705->7702 8468 429fcb 8471 429e53 8468->8471 8472 429e61 8471->8472 8473 429e7b 8471->8473 8474 42a5a5 14 API calls 8472->8474 8475 429e82 8473->8475 8476 429ea1 8473->8476 8488 429e6b 8474->8488 8475->8488 8489 42a5fb 8475->8489 8477 42b1ff _unexpected MultiByteToWideChar 8476->8477 8479 429eb0 8477->8479 8480 429eb7 GetLastError 8479->8480 8481 429edd 8479->8481 8484 42a5fb 15 API calls 8479->8484 8482 429d37 __dosmaperr 14 API calls 8480->8482 8485 42b1ff _unexpected MultiByteToWideChar 8481->8485 8481->8488 8483 429ec3 8482->8483 8486 429d91 __dosmaperr 14 API calls 8483->8486 8484->8481 8487 429ef4 8485->8487 8486->8488 8487->8480 8487->8488 8490 42a5a5 14 API calls 8489->8490 8491 42a609 8490->8491 8492 42a63a 15 API calls 8491->8492 8493 42a61a 8492->8493 8493->8488 8379 425748 8380 42577f 8379->8380 8383 42575a 8379->8383 8383->8380 8388 426747 8383->8388 8386 4290eb _unexpected 68 API calls 8387 42579d 8386->8387 8389 426913 _unexpected 78 API calls 8388->8389 8390 42578c 8389->8390 8391 426750 8390->8391 8392 426913 _unexpected 78 API calls 8391->8392 8393 425796 8392->8393 8393->8386 8040 42664e 8041 426657 8040->8041 8042 426687 8040->8042 8041->8042 8043 426913 _unexpected 78 API calls 8041->8043 8044 426692 8043->8044 8045 426913 _unexpected 78 API calls 8044->8045 8046 42669d 8045->8046 8047 4290eb _unexpected 68 API calls 8046->8047 8048 4266a5 8047->8048 6680 4322cc 6692 432277 GetPEB 6680->6692 6682 4322e5 6683 4323fa 6682->6683 6684 432309 VirtualAlloc 6682->6684 6684->6683 6685 432321 6684->6685 6694 432098 VirtualAlloc 6685->6694 6688 4323eb VirtualFree 6688->6683 6689 432359 VirtualAlloc 6689->6688 6690 432370 6689->6690 6691 4323ae VirtualProtect 6690->6691 6691->6688 6693 432295 6692->6693 6693->6682 6695 432270 6694->6695 6697 4320d0 VirtualFree 6694->6697 6695->6688 6695->6689 6697->6695 6698 42f04d 6699 42f060 ___std_exception_copy 6698->6699 6702 42ef28 6699->6702 6701 42f06c ___std_exception_copy 6703 42ef34 __FrameHandler3::FrameUnwindToState 6702->6703 6704 42ef61 6703->6704 6705 42ef3e 6703->6705 6712 42ef59 6704->6712 6724 42cd97 EnterCriticalSection 6704->6724 6713 429c33 6705->6713 6708 42ef7f 6725 42efbf 6708->6725 6710 42ef8c 6739 42efb7 6710->6739 6712->6701 6714 429c43 6713->6714 6715 429c4a 6713->6715 6742 4292a0 GetLastError 6714->6742 6720 429c58 6715->6720 6746 429a8b 6715->6746 6718 429c7f 6718->6720 6749 429cc0 IsProcessorFeaturePresent 6718->6749 6720->6712 6721 429caf 6753 429bfc 6721->6753 6723 429cbc 6723->6712 6724->6708 6726 42efef 6725->6726 6727 42efcc 6725->6727 6729 42efe7 6726->6729 6793 42cbac 6726->6793 6728 429c33 ___std_exception_copy 29 API calls 6727->6728 6728->6729 6729->6710 6735 42f01b 6810 42f83c 6735->6810 6738 429e01 ___free_lconv_mon 14 API calls 6738->6729 7070 42cdab LeaveCriticalSection 6739->7070 6741 42efbd 6741->6712 6743 4292b9 6742->6743 6757 4299a2 6743->6757 6747 429a96 GetLastError SetLastError 6746->6747 6748 429aaf 6746->6748 6747->6718 6748->6718 6750 429ccc 6749->6750 6779 429ab4 6750->6779 6754 429c0e ___std_exception_copy 6753->6754 6755 429c33 ___std_exception_copy 29 API calls 6754->6755 6756 429c26 ___std_exception_copy 6755->6756 6756->6723 6758 4299b5 6757->6758 6759 4299bb 6757->6759 6760 42c373 _unexpected 6 API calls 6758->6760 6761 42c3b2 _unexpected 6 API calls 6759->6761 6778 4292d5 SetLastError 6759->6778 6760->6759 6762 4299d5 6761->6762 6763 429da4 _unexpected 14 API calls 6762->6763 6762->6778 6764 4299e5 6763->6764 6765 429a02 6764->6765 6766 4299ed 6764->6766 6767 42c3b2 _unexpected 6 API calls 6765->6767 6768 42c3b2 _unexpected 6 API calls 6766->6768 6769 429a0e 6767->6769 6775 4299f9 6768->6775 6770 429a12 6769->6770 6771 429a21 6769->6771 6773 42c3b2 _unexpected 6 API calls 6770->6773 6774 4295ce _unexpected 14 API calls 6771->6774 6772 429e01 ___free_lconv_mon 14 API calls 6772->6778 6773->6775 6776 429a2c 6774->6776 6775->6772 6777 429e01 ___free_lconv_mon 14 API calls 6776->6777 6777->6778 6778->6715 6780 429ad0 _unexpected 6779->6780 6781 429afc IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 6780->6781 6782 429bcd _unexpected 6781->6782 6785 425a25 6782->6785 6784 429beb GetCurrentProcess TerminateProcess 6784->6721 6786 425a2e IsProcessorFeaturePresent 6785->6786 6787 425a2d 6785->6787 6789 425a70 6786->6789 6787->6784 6792 425a33 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 6789->6792 6791 425b53 6791->6784 6792->6791 6794 42cbc5 6793->6794 6798 42cbec 6793->6798 6795 42d3f4 _unexpected 29 API calls 6794->6795 6794->6798 6796 42cbe1 6795->6796 6817 42e723 6796->6817 6799 42eafb 6798->6799 6800 42eb12 6799->6800 6801 42eb24 6799->6801 6800->6801 6802 429e01 ___free_lconv_mon 14 API calls 6800->6802 6803 42d3f4 6801->6803 6802->6801 6804 42d400 6803->6804 6805 42d415 6803->6805 6806 429d91 __dosmaperr 14 API calls 6804->6806 6805->6735 6807 42d405 6806->6807 6808 429cb0 ___std_exception_copy 29 API calls 6807->6808 6809 42d410 6808->6809 6809->6735 6811 42f865 6810->6811 6816 42f022 6810->6816 6812 42f8b4 6811->6812 6814 42f88c 6811->6814 6813 429c33 ___std_exception_copy 29 API calls 6812->6813 6813->6816 7035 42f7ab 6814->7035 6816->6729 6816->6738 6819 42e72f __FrameHandler3::FrameUnwindToState 6817->6819 6818 42e737 6818->6798 6819->6818 6820 42e770 6819->6820 6822 42e7b6 6819->6822 6821 429c33 ___std_exception_copy 29 API calls 6820->6821 6821->6818 6828 42b636 EnterCriticalSection 6822->6828 6824 42e7bc 6827 42e7da 6824->6827 6829 42e834 6824->6829 6855 42e82c 6827->6855 6828->6824 6830 42e85c 6829->6830 6853 42e87f _unexpected 6829->6853 6831 42e860 6830->6831 6833 42e8bb 6830->6833 6832 429c33 ___std_exception_copy 29 API calls 6831->6832 6832->6853 6834 42e8d9 6833->6834 6858 42eed8 6833->6858 6861 42e3b0 6834->6861 6838 42e8f1 6842 42e920 6838->6842 6843 42e8f9 6838->6843 6839 42e938 6840 42e9a1 WriteFile 6839->6840 6841 42e94c 6839->6841 6844 42e9c3 GetLastError 6840->6844 6840->6853 6846 42e954 6841->6846 6847 42e98d 6841->6847 6873 42df81 GetConsoleOutputCP 6842->6873 6843->6853 6868 42e348 6843->6868 6844->6853 6848 42e979 6846->6848 6849 42e959 6846->6849 6901 42e42d 6847->6901 6893 42e5f1 6848->6893 6849->6853 6886 42e508 6849->6886 6853->6827 7034 42b659 LeaveCriticalSection 6855->7034 6857 42e832 6857->6818 6908 42ee55 6858->6908 6860 42eef1 6860->6834 6933 42eb3b 6861->6933 6863 42e3c2 6864 42e426 6863->6864 6865 42e3f0 6863->6865 6942 429350 6863->6942 6864->6838 6864->6839 6865->6864 6867 42e40a GetConsoleMode 6865->6867 6867->6864 6869 42e39f 6868->6869 6871 42e36a 6868->6871 6869->6853 6870 42eef6 5 API calls _unexpected 6870->6871 6871->6869 6871->6870 6872 42e3a1 GetLastError 6871->6872 6872->6869 6874 42dff3 6873->6874 6882 42dffa CatchIt 6873->6882 6875 429350 _unexpected 64 API calls 6874->6875 6875->6882 6876 425a25 _ValidateLocalCookies 5 API calls 6877 42e341 6876->6877 6877->6853 6878 42d2c1 64 API calls _unexpected 6878->6882 6879 42e2b0 6879->6876 6881 42e229 WriteFile 6881->6882 6883 42e31f GetLastError 6881->6883 6882->6878 6882->6879 6882->6881 6884 42ed31 5 API calls _unexpected 6882->6884 6885 42e267 WriteFile 6882->6885 7031 42b2b9 6882->7031 6883->6879 6884->6882 6885->6882 6885->6883 6887 42e517 _unexpected 6886->6887 6888 42e5d6 6887->6888 6890 42e58c WriteFile 6887->6890 6889 425a25 _ValidateLocalCookies 5 API calls 6888->6889 6891 42e5ef 6889->6891 6890->6887 6892 42e5d8 GetLastError 6890->6892 6891->6853 6892->6888 6900 42e600 _unexpected 6893->6900 6894 42e708 6895 425a25 _ValidateLocalCookies 5 API calls 6894->6895 6896 42e721 6895->6896 6896->6853 6897 42b2b9 _unexpected WideCharToMultiByte 6897->6900 6898 42e70a GetLastError 6898->6894 6899 42e6bf WriteFile 6899->6898 6899->6900 6900->6894 6900->6897 6900->6898 6900->6899 6906 42e43c _unexpected 6901->6906 6902 42e4ed 6903 425a25 _ValidateLocalCookies 5 API calls 6902->6903 6904 42e506 6903->6904 6904->6853 6905 42e4ac WriteFile 6905->6906 6907 42e4ef GetLastError 6905->6907 6906->6902 6906->6905 6907->6902 6914 42b70d 6908->6914 6910 42ee67 6911 42ee83 SetFilePointerEx 6910->6911 6913 42ee6f _unexpected 6910->6913 6912 42ee9b GetLastError 6911->6912 6911->6913 6912->6913 6913->6860 6915 42b71a 6914->6915 6916 42b72f 6914->6916 6927 429d7e 6915->6927 6919 429d7e __dosmaperr 14 API calls 6916->6919 6921 42b754 6916->6921 6922 42b75f 6919->6922 6920 429d91 __dosmaperr 14 API calls 6923 42b727 6920->6923 6921->6910 6924 429d91 __dosmaperr 14 API calls 6922->6924 6923->6910 6925 42b767 6924->6925 6930 429cb0 6925->6930 6928 4298f1 __dosmaperr 14 API calls 6927->6928 6929 429d83 6928->6929 6929->6920 6931 429bfc ___std_exception_copy 29 API calls 6930->6931 6932 429cbc 6931->6932 6932->6923 6934 42eb55 6933->6934 6935 42eb48 6933->6935 6938 42eb61 6934->6938 6939 429d91 __dosmaperr 14 API calls 6934->6939 6936 429d91 __dosmaperr 14 API calls 6935->6936 6937 42eb4d 6936->6937 6937->6863 6938->6863 6940 42eb82 6939->6940 6941 429cb0 ___std_exception_copy 29 API calls 6940->6941 6941->6937 6943 429360 6942->6943 6948 42d232 6943->6948 6949 42937d 6948->6949 6950 42d249 6948->6950 6952 42d290 6949->6952 6950->6949 6956 42c027 6950->6956 6953 42d2a7 6952->6953 6954 42938a 6952->6954 6953->6954 7015 42ae4d 6953->7015 6954->6865 6957 42c033 __FrameHandler3::FrameUnwindToState 6956->6957 6969 4297a0 GetLastError 6957->6969 6961 42c05a 6997 42c0a8 6961->6997 6966 42c082 6966->6949 6970 4297bc 6969->6970 6971 4297b6 6969->6971 6973 42c3b2 _unexpected 6 API calls 6970->6973 6975 4297c0 SetLastError 6970->6975 6972 42c373 _unexpected 6 API calls 6971->6972 6972->6970 6974 4297d8 6973->6974 6974->6975 6977 429da4 _unexpected 14 API calls 6974->6977 6978 429850 6975->6978 6979 429855 6975->6979 6980 4297ed 6977->6980 6978->6966 6996 42b43d EnterCriticalSection 6978->6996 6983 4291a7 CallUnexpected 66 API calls 6979->6983 6981 429806 6980->6981 6982 4297f5 6980->6982 6985 42c3b2 _unexpected 6 API calls 6981->6985 6984 42c3b2 _unexpected 6 API calls 6982->6984 6986 42985a 6983->6986 6987 429803 6984->6987 6988 429812 6985->6988 6992 429e01 ___free_lconv_mon 14 API calls 6987->6992 6989 429816 6988->6989 6990 42982d 6988->6990 6991 42c3b2 _unexpected 6 API calls 6989->6991 6993 4295ce _unexpected 14 API calls 6990->6993 6991->6987 6992->6975 6994 429838 6993->6994 6995 429e01 ___free_lconv_mon 14 API calls 6994->6995 6995->6975 6996->6961 6998 42c0b6 _unexpected 6997->6998 7000 42c06b 6997->7000 6999 42bddb _unexpected 14 API calls 6998->6999 6998->7000 6999->7000 7001 42c087 7000->7001 7002 42b485 _unexpected LeaveCriticalSection 7001->7002 7003 42c07e 7002->7003 7003->6966 7004 4291a7 7003->7004 7005 42c79c _unexpected EnterCriticalSection LeaveCriticalSection 7004->7005 7006 4291ac 7005->7006 7008 42c7e1 _unexpected 67 API calls 7006->7008 7011 4291b7 7006->7011 7007 4291c1 IsProcessorFeaturePresent 7009 4291cd 7007->7009 7008->7011 7012 429ab4 _unexpected 8 API calls 7009->7012 7010 428a3f _unexpected 21 API calls 7013 4291ea 7010->7013 7011->7007 7014 4291e0 7011->7014 7012->7014 7014->7010 7016 4297a0 _unexpected 68 API calls 7015->7016 7017 42ae52 7016->7017 7020 42ad65 7017->7020 7021 42ad71 __FrameHandler3::FrameUnwindToState 7020->7021 7022 42b43d _unexpected EnterCriticalSection 7021->7022 7023 42ad8b 7021->7023 7029 42ad9b 7022->7029 7024 42ad92 7023->7024 7026 4291a7 CallUnexpected 68 API calls 7023->7026 7024->6954 7025 42adc7 7027 42ade4 _unexpected LeaveCriticalSection 7025->7027 7028 42ae04 7026->7028 7027->7023 7029->7025 7030 429e01 ___free_lconv_mon 14 API calls 7029->7030 7030->7025 7032 42b2cc _unexpected 7031->7032 7033 42b30a WideCharToMultiByte 7032->7033 7033->6882 7034->6857 7036 42f7b7 __FrameHandler3::FrameUnwindToState 7035->7036 7043 42b636 EnterCriticalSection 7036->7043 7038 42f7c5 7040 42f7f6 7038->7040 7044 42f8df 7038->7044 7057 42f830 7040->7057 7043->7038 7045 42b70d _unexpected 29 API calls 7044->7045 7048 42f8ef 7045->7048 7046 42f8f5 7060 42b67c 7046->7060 7048->7046 7049 42b70d _unexpected 29 API calls 7048->7049 7056 42f927 7048->7056 7051 42f91e 7049->7051 7050 42b70d _unexpected 29 API calls 7052 42f933 CloseHandle 7050->7052 7054 42b70d _unexpected 29 API calls 7051->7054 7052->7046 7055 42f93f GetLastError 7052->7055 7053 42f94d _unexpected 7053->7040 7054->7056 7055->7046 7056->7046 7056->7050 7069 42b659 LeaveCriticalSection 7057->7069 7059 42f819 7059->6816 7061 42b6f2 7060->7061 7062 42b68b 7060->7062 7063 429d91 __dosmaperr 14 API calls 7061->7063 7062->7061 7068 42b6b5 7062->7068 7064 42b6f7 7063->7064 7065 429d7e __dosmaperr 14 API calls 7064->7065 7066 42b6e2 7065->7066 7066->7053 7067 42b6dc SetStdHandle 7067->7066 7068->7066 7068->7067 7069->7059 7070->6741 7706 42f9d0 7709 42f9ee 7706->7709 7708 42f9e6 7710 42f9f3 7709->7710 7712 42fa88 7710->7712 7714 4302b3 7710->7714 7712->7708 7715 4302d6 7714->7715 7716 4302c6 DecodePointer 7714->7716 7717 42fc1f 7715->7717 7718 430305 7715->7718 7719 43031a 7715->7719 7716->7715 7717->7708 7718->7717 7720 429d91 __dosmaperr 14 API calls 7718->7720 7719->7717 7721 429d91 __dosmaperr 14 API calls 7719->7721 7720->7717 7721->7717 8494 4263d0 8495 4263ee __InternalCxxFrameHandler 8494->8495 8506 426390 8495->8506 8507 4263a2 8506->8507 8508 4263af 8506->8508 8509 425a25 _ValidateLocalCookies 5 API calls 8507->8509 8509->8508 7722 4279d4 7725 427f27 7722->7725 7724 4279e9 7726 427f34 7725->7726 7727 427f3b 7725->7727 7728 429127 ___std_exception_destroy 14 API calls 7726->7728 7727->7724 7728->7727 8049 428a55 8050 428a6b __FrameHandler3::FrameUnwindToState _unexpected 8049->8050 8051 4297a0 _unexpected 68 API calls 8050->8051 8054 4290fc 8051->8054 8052 4291a7 CallUnexpected 68 API calls 8053 429126 8052->8053 8054->8052 6524 424e5a GetProcessHeap RtlAllocateHeap 6525 424f3b 6524->6525 6526 424e84 _unexpected 6524->6526 6527 424e94 GetModuleFileNameW 6526->6527 6528 424f11 GetProcessHeap RtlFreeHeap 6527->6528 6530 424eaf _wcsrchr 6527->6530 6528->6525 6529 424f27 MulDiv 6528->6529 6529->6525 6530->6528 6531 424edb lstrlenW 6530->6531 6532 424eea 6531->6532 6532->6528 8394 42b35c GetEnvironmentStringsW 8395 42b374 8394->8395 8408 42b3f7 8394->8408 8396 42b2b9 _unexpected WideCharToMultiByte 8395->8396 8397 42b391 8396->8397 8398 42b3a6 8397->8398 8399 42b39b FreeEnvironmentStringsW 8397->8399 8400 42bbef 15 API calls 8398->8400 8399->8408 8401 42b3ad 8400->8401 8402 42b3c6 8401->8402 8403 42b3b5 8401->8403 8405 42b2b9 _unexpected WideCharToMultiByte 8402->8405 8404 429e01 ___free_lconv_mon 14 API calls 8403->8404 8406 42b3ba FreeEnvironmentStringsW 8404->8406 8407 42b3d6 8405->8407 8406->8408 8409 42b3e5 8407->8409 8410 42b3dd 8407->8410 8412 429e01 ___free_lconv_mon 14 API calls 8409->8412 8411 429e01 ___free_lconv_mon 14 API calls 8410->8411 8413 42b3e3 FreeEnvironmentStringsW 8411->8413 8412->8413 8413->8408 7657 42b563 7658 42b570 7657->7658 7659 42b592 7657->7659 7660 42b57e DeleteCriticalSection 7658->7660 7661 42b58c 7658->7661 7660->7660 7660->7661 7662 429e01 ___free_lconv_mon 14 API calls 7661->7662 7662->7659 7588 42c4e1 7589 42c512 7588->7589 7590 42c4ec 7588->7590 7590->7589 7591 42c4fc FreeLibrary 7590->7591 7591->7590 8055 430260 8056 430280 8055->8056 8059 4306f8 8056->8059 8060 430737 __startOneArgErrorHandling 8059->8060 8064 4307bf __startOneArgErrorHandling 8060->8064 8067 430b9e 8060->8067 8062 430eb2 __startOneArgErrorHandling 14 API calls 8063 4307f4 8062->8063 8065 425a25 _ValidateLocalCookies 5 API calls 8063->8065 8064->8062 8064->8063 8066 4302a0 8065->8066 8068 430bc1 __raise_exc RaiseException 8067->8068 8069 430bbc 8068->8069 8069->8064 8070 429667 8071 429672 8070->8071 8072 429682 8070->8072 8076 429688 8071->8076 8075 429e01 ___free_lconv_mon 14 API calls 8075->8072 8077 4296a3 8076->8077 8078 42969d 8076->8078 8080 429e01 ___free_lconv_mon 14 API calls 8077->8080 8079 429e01 ___free_lconv_mon 14 API calls 8078->8079 8079->8077 8081 4296af 8080->8081 8082 429e01 ___free_lconv_mon 14 API calls 8081->8082 8083 4296ba 8082->8083 8084 429e01 ___free_lconv_mon 14 API calls 8083->8084 8085 4296c5 8084->8085 8086 429e01 ___free_lconv_mon 14 API calls 8085->8086 8087 4296d0 8086->8087 8088 429e01 ___free_lconv_mon 14 API calls 8087->8088 8089 4296db 8088->8089 8090 429e01 ___free_lconv_mon 14 API calls 8089->8090 8091 4296e6 8090->8091 8092 429e01 ___free_lconv_mon 14 API calls 8091->8092 8093 4296f1 8092->8093 8094 429e01 ___free_lconv_mon 14 API calls 8093->8094 8095 4296fc 8094->8095 8096 429e01 ___free_lconv_mon 14 API calls 8095->8096 8097 42970a 8096->8097 8102 4294b4 8097->8102 8103 4294c0 __FrameHandler3::FrameUnwindToState 8102->8103 8118 42b43d EnterCriticalSection 8103->8118 8107 4294ca 8108 429e01 ___free_lconv_mon 14 API calls 8107->8108 8109 4294f4 8107->8109 8108->8109 8119 429513 8109->8119 8110 42951f 8111 42952b __FrameHandler3::FrameUnwindToState 8110->8111 8123 42b43d EnterCriticalSection 8111->8123 8113 429535 8124 429755 8113->8124 8115 429548 8128 429568 8115->8128 8118->8107 8122 42b485 LeaveCriticalSection 8119->8122 8121 429501 8121->8110 8122->8121 8123->8113 8125 42978b _unexpected 8124->8125 8126 429764 _unexpected 8124->8126 8125->8115 8126->8125 8131 42bddb 8126->8131 8245 42b485 LeaveCriticalSection 8128->8245 8130 429556 8130->8075 8132 42be5b 8131->8132 8135 42bdf1 8131->8135 8133 42bea9 8132->8133 8136 429e01 ___free_lconv_mon 14 API calls 8132->8136 8199 42bf4c 8133->8199 8135->8132 8137 42be24 8135->8137 8142 429e01 ___free_lconv_mon 14 API calls 8135->8142 8138 42be7d 8136->8138 8139 42be46 8137->8139 8148 429e01 ___free_lconv_mon 14 API calls 8137->8148 8140 429e01 ___free_lconv_mon 14 API calls 8138->8140 8141 429e01 ___free_lconv_mon 14 API calls 8139->8141 8143 42be90 8140->8143 8145 42be50 8141->8145 8147 42be19 8142->8147 8149 429e01 ___free_lconv_mon 14 API calls 8143->8149 8144 42beb7 8146 42bf17 8144->8146 8153 429e01 14 API calls ___free_lconv_mon 8144->8153 8150 429e01 ___free_lconv_mon 14 API calls 8145->8150 8151 429e01 ___free_lconv_mon 14 API calls 8146->8151 8159 42b97f 8147->8159 8154 42be3b 8148->8154 8155 42be9e 8149->8155 8150->8132 8158 42bf1d 8151->8158 8153->8144 8187 42ba7d 8154->8187 8157 429e01 ___free_lconv_mon 14 API calls 8155->8157 8157->8133 8158->8125 8160 42b990 8159->8160 8186 42ba79 8159->8186 8161 429e01 ___free_lconv_mon 14 API calls 8160->8161 8162 42b9a1 8160->8162 8161->8162 8163 429e01 ___free_lconv_mon 14 API calls 8162->8163 8165 42b9b3 8162->8165 8163->8165 8164 42b9c5 8167 42b9d7 8164->8167 8168 429e01 ___free_lconv_mon 14 API calls 8164->8168 8165->8164 8166 429e01 ___free_lconv_mon 14 API calls 8165->8166 8166->8164 8169 42b9e9 8167->8169 8171 429e01 ___free_lconv_mon 14 API calls 8167->8171 8168->8167 8170 42b9fb 8169->8170 8172 429e01 ___free_lconv_mon 14 API calls 8169->8172 8173 42ba0d 8170->8173 8174 429e01 ___free_lconv_mon 14 API calls 8170->8174 8171->8169 8172->8170 8175 42ba1f 8173->8175 8176 429e01 ___free_lconv_mon 14 API calls 8173->8176 8174->8173 8177 42ba31 8175->8177 8179 429e01 ___free_lconv_mon 14 API calls 8175->8179 8176->8175 8178 42ba43 8177->8178 8180 429e01 ___free_lconv_mon 14 API calls 8177->8180 8181 42ba55 8178->8181 8182 429e01 ___free_lconv_mon 14 API calls 8178->8182 8179->8177 8180->8178 8183 42ba67 8181->8183 8184 429e01 ___free_lconv_mon 14 API calls 8181->8184 8182->8181 8185 429e01 ___free_lconv_mon 14 API calls 8183->8185 8183->8186 8184->8183 8185->8186 8186->8137 8188 42bae2 8187->8188 8189 42ba8a 8187->8189 8188->8139 8190 42ba9a 8189->8190 8191 429e01 ___free_lconv_mon 14 API calls 8189->8191 8192 42baac 8190->8192 8193 429e01 ___free_lconv_mon 14 API calls 8190->8193 8191->8190 8194 42babe 8192->8194 8195 429e01 ___free_lconv_mon 14 API calls 8192->8195 8193->8192 8196 42bad0 8194->8196 8197 429e01 ___free_lconv_mon 14 API calls 8194->8197 8195->8194 8196->8188 8198 429e01 ___free_lconv_mon 14 API calls 8196->8198 8197->8196 8198->8188 8200 42bf78 8199->8200 8201 42bf59 8199->8201 8200->8144 8201->8200 8205 42bb0b 8201->8205 8204 429e01 ___free_lconv_mon 14 API calls 8204->8200 8206 42bbe9 8205->8206 8207 42bb1c 8205->8207 8206->8204 8241 42bae6 8207->8241 8210 42bae6 _unexpected 14 API calls 8211 42bb2f 8210->8211 8212 42bae6 _unexpected 14 API calls 8211->8212 8213 42bb3a 8212->8213 8214 42bae6 _unexpected 14 API calls 8213->8214 8215 42bb45 8214->8215 8216 42bae6 _unexpected 14 API calls 8215->8216 8217 42bb53 8216->8217 8218 429e01 ___free_lconv_mon 14 API calls 8217->8218 8219 42bb5e 8218->8219 8220 429e01 ___free_lconv_mon 14 API calls 8219->8220 8221 42bb69 8220->8221 8222 429e01 ___free_lconv_mon 14 API calls 8221->8222 8223 42bb74 8222->8223 8224 42bae6 _unexpected 14 API calls 8223->8224 8225 42bb82 8224->8225 8226 42bae6 _unexpected 14 API calls 8225->8226 8227 42bb90 8226->8227 8228 42bae6 _unexpected 14 API calls 8227->8228 8229 42bba1 8228->8229 8230 42bae6 _unexpected 14 API calls 8229->8230 8231 42bbaf 8230->8231 8232 42bae6 _unexpected 14 API calls 8231->8232 8233 42bbbd 8232->8233 8234 429e01 ___free_lconv_mon 14 API calls 8233->8234 8235 42bbc8 8234->8235 8236 429e01 ___free_lconv_mon 14 API calls 8235->8236 8237 42bbd3 8236->8237 8238 429e01 ___free_lconv_mon 14 API calls 8237->8238 8239 42bbde 8238->8239 8240 429e01 ___free_lconv_mon 14 API calls 8239->8240 8240->8206 8242 42baf8 8241->8242 8243 42bb07 8242->8243 8244 429e01 ___free_lconv_mon 14 API calls 8242->8244 8243->8210 8244->8242 8245->8130 8285 4252ee 8286 4252fa 8285->8286 8287 4252fe 8285->8287 8289 42530b ___scrt_release_startup_lock 8287->8289 8291 4255a9 IsProcessorFeaturePresent 8287->8291 8290 425374 __FrameHandler3::FrameUnwindToState 8292 4255bf _unexpected 8291->8292 8293 42566a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8292->8293 8294 4256b5 _unexpected 8293->8294 8294->8290 8415 428b6e 8416 4297a0 _unexpected 68 API calls 8415->8416 8417 428b79 8416->8417 8418 428bb1 8417->8418 8419 429d91 __dosmaperr 14 API calls 8417->8419 8420 428ba6 8419->8420 8421 429cb0 ___std_exception_copy 29 API calls 8420->8421 8421->8418 8295 4266f1 8296 426703 8295->8296 8297 426715 8295->8297 8296->8297 8298 42670b 8296->8298 8299 426913 _unexpected 78 API calls 8297->8299 8300 426713 8298->8300 8302 426913 _unexpected 78 API calls 8298->8302 8301 42671a 8299->8301 8301->8300 8304 426913 _unexpected 78 API calls 8301->8304 8303 426733 8302->8303 8305 426913 _unexpected 78 API calls 8303->8305 8304->8300 8306 42673e 8305->8306 8307 4290eb _unexpected 68 API calls 8306->8307 8308 426746 8307->8308 8246 430277 8247 430280 8246->8247 8248 4306f8 __startOneArgErrorHandling 20 API calls 8247->8248 8249 4302a0 8248->8249 7592 4268f7 7593 426901 7592->7593 7595 42690e 7592->7595 7594 429127 ___std_exception_destroy 14 API calls 7593->7594 7593->7595 7594->7595 8309 42c2f5 8310 42c211 _unexpected 5 API calls 8309->8310 8311 42c311 8310->8311 8312 42c329 TlsAlloc 8311->8312 8313 42c31a 8311->8313 8312->8313 6533 428a7b 6536 4288af 6533->6536 6537 4288ee 6536->6537 6538 4288dc 6536->6538 6548 42875f 6537->6548 6563 4256fa GetModuleHandleW 6538->6563 6543 42892b 6547 428940 6549 42876b __FrameHandler3::FrameUnwindToState 6548->6549 6571 42b43d EnterCriticalSection 6549->6571 6551 428775 6572 4287c7 6551->6572 6553 428782 6576 4287a0 6553->6576 6556 428946 6655 428977 6556->6655 6558 428950 6559 428964 6558->6559 6560 428954 GetCurrentProcess TerminateProcess 6558->6560 6561 428990 _unexpected 3 API calls 6559->6561 6560->6559 6562 42896c ExitProcess 6561->6562 6564 425706 6563->6564 6564->6537 6565 428990 GetModuleHandleExW 6564->6565 6566 4289f0 6565->6566 6567 4289cf GetProcAddress 6565->6567 6569 4289f6 FreeLibrary 6566->6569 6570 4288ed 6566->6570 6567->6566 6568 4289e3 6567->6568 6568->6566 6569->6570 6570->6537 6571->6551 6574 4287d3 __FrameHandler3::FrameUnwindToState _unexpected 6572->6574 6573 428837 _unexpected 6573->6553 6574->6573 6579 428eb4 6574->6579 6654 42b485 LeaveCriticalSection 6576->6654 6578 42878e 6578->6543 6578->6556 6580 428ec0 __EH_prolog3 6579->6580 6583 428c0c 6580->6583 6582 428ee7 _unexpected 6582->6573 6584 428c18 __FrameHandler3::FrameUnwindToState 6583->6584 6591 42b43d EnterCriticalSection 6584->6591 6586 428c26 6592 428dc4 6586->6592 6591->6586 6593 428de3 6592->6593 6594 428c33 6592->6594 6593->6594 6599 429e01 6593->6599 6596 428c5b 6594->6596 6653 42b485 LeaveCriticalSection 6596->6653 6598 428c44 6598->6582 6600 429e0c HeapFree 6599->6600 6604 429e36 6599->6604 6601 429e21 GetLastError 6600->6601 6600->6604 6602 429e2e __dosmaperr 6601->6602 6605 429d91 6602->6605 6604->6594 6608 4298f1 GetLastError 6605->6608 6607 429d96 6607->6604 6609 42990d 6608->6609 6610 429907 6608->6610 6614 429911 SetLastError 6609->6614 6636 42c3b2 6609->6636 6631 42c373 6610->6631 6614->6607 6618 429946 6620 42c3b2 _unexpected 6 API calls 6618->6620 6619 429957 6621 42c3b2 _unexpected 6 API calls 6619->6621 6625 429954 6620->6625 6622 429963 6621->6622 6623 429967 6622->6623 6624 42997e 6622->6624 6626 42c3b2 _unexpected 6 API calls 6623->6626 6648 4295ce 6624->6648 6627 429e01 ___free_lconv_mon 12 API calls 6625->6627 6626->6625 6627->6614 6630 429e01 ___free_lconv_mon 12 API calls 6630->6614 6632 42c211 _unexpected 5 API calls 6631->6632 6633 42c38f 6632->6633 6634 42c3aa TlsGetValue 6633->6634 6635 42c398 6633->6635 6635->6609 6637 42c211 _unexpected 5 API calls 6636->6637 6638 42c3ce 6637->6638 6639 429929 6638->6639 6640 42c3ec TlsSetValue 6638->6640 6639->6614 6641 429da4 6639->6641 6646 429db1 _unexpected 6641->6646 6642 429df1 6645 429d91 __dosmaperr 13 API calls 6642->6645 6643 429ddc HeapAlloc 6644 42993e 6643->6644 6643->6646 6644->6618 6644->6619 6645->6644 6646->6642 6646->6643 6647 42c647 _unexpected EnterCriticalSection LeaveCriticalSection 6646->6647 6647->6646 6649 429462 _unexpected EnterCriticalSection LeaveCriticalSection 6648->6649 6650 42963c 6649->6650 6651 429574 _unexpected 14 API calls 6650->6651 6652 429665 6651->6652 6652->6630 6653->6598 6654->6578 6658 42b4c1 6655->6658 6657 42897c _unexpected 6657->6558 6659 42b4d0 _unexpected 6658->6659 6660 42b4dd 6659->6660 6662 42c296 6659->6662 6660->6657 6665 42c211 6662->6665 6666 42c23d 6665->6666 6667 42c241 6665->6667 6666->6660 6667->6666 6672 42c146 6667->6672 6670 42c25b GetProcAddress 6670->6666 6671 42c26b _unexpected 6670->6671 6671->6666 6678 42c157 ___vcrt_FlsGetValue 6672->6678 6673 42c1ed 6673->6666 6673->6670 6674 42c175 LoadLibraryExW 6675 42c190 GetLastError 6674->6675 6676 42c1f4 6674->6676 6675->6678 6676->6673 6677 42c206 FreeLibrary 6676->6677 6677->6673 6678->6673 6678->6674 6679 42c1c3 LoadLibraryExW 6678->6679 6679->6676 6679->6678 7071 42547b 7074 42544e 7071->7074 7075 425464 7074->7075 7076 42545d 7074->7076 7083 428f1b 7075->7083 7080 428e9e 7076->7080 7079 425462 7081 428f1b 32 API calls 7080->7081 7082 428eb0 7081->7082 7082->7079 7086 428c67 7083->7086 7087 428c73 __FrameHandler3::FrameUnwindToState 7086->7087 7094 42b43d EnterCriticalSection 7087->7094 7089 428c81 7095 428cc2 7089->7095 7091 428c8e 7105 428cb6 7091->7105 7094->7089 7096 428cdd 7095->7096 7097 428d50 _unexpected 7095->7097 7096->7097 7098 428d30 7096->7098 7108 42c517 7096->7108 7097->7091 7098->7097 7100 42c517 32 API calls 7098->7100 7102 428d46 7100->7102 7101 428d26 7103 429e01 ___free_lconv_mon 14 API calls 7101->7103 7104 429e01 ___free_lconv_mon 14 API calls 7102->7104 7103->7098 7104->7097 7157 42b485 LeaveCriticalSection 7105->7157 7107 428c9f 7107->7079 7109 42c524 7108->7109 7110 42c53f 7108->7110 7109->7110 7111 42c530 7109->7111 7112 42c54e 7110->7112 7117 42ddc6 7110->7117 7113 429d91 __dosmaperr 14 API calls 7111->7113 7124 42ddf9 7112->7124 7116 42c535 _unexpected 7113->7116 7116->7101 7118 42ddd1 7117->7118 7119 42dde6 HeapSize 7117->7119 7120 429d91 __dosmaperr 14 API calls 7118->7120 7119->7112 7121 42ddd6 7120->7121 7122 429cb0 ___std_exception_copy 29 API calls 7121->7122 7123 42dde1 7122->7123 7123->7112 7125 42de11 7124->7125 7126 42de06 7124->7126 7128 42de19 7125->7128 7134 42de22 _unexpected 7125->7134 7136 42bbef 7126->7136 7129 429e01 ___free_lconv_mon 14 API calls 7128->7129 7132 42de0e 7129->7132 7130 42de27 7133 429d91 __dosmaperr 14 API calls 7130->7133 7131 42de4c HeapReAlloc 7131->7132 7131->7134 7132->7116 7133->7132 7134->7130 7134->7131 7143 42c647 7134->7143 7137 42bc2d 7136->7137 7142 42bbfd _unexpected 7136->7142 7138 429d91 __dosmaperr 14 API calls 7137->7138 7140 42bc2b 7138->7140 7139 42bc18 HeapAlloc 7139->7140 7139->7142 7140->7132 7141 42c647 _unexpected 2 API calls 7141->7142 7142->7137 7142->7139 7142->7141 7146 42c673 7143->7146 7147 42c67f __FrameHandler3::FrameUnwindToState 7146->7147 7152 42b43d EnterCriticalSection 7147->7152 7149 42c68a _unexpected 7153 42c6c1 7149->7153 7152->7149 7156 42b485 LeaveCriticalSection 7153->7156 7155 42c652 7155->7134 7156->7155 7157->7107 8517 42b3fc 8518 42b407 8517->8518 8520 42b430 8518->8520 8521 42b42c 8518->8521 8523 42c3f4 8518->8523 8528 42b454 8520->8528 8524 42c211 _unexpected 5 API calls 8523->8524 8525 42c410 8524->8525 8526 42c42e InitializeCriticalSectionAndSpinCount 8525->8526 8527 42c419 8525->8527 8526->8527 8527->8518 8529 42b480 8528->8529 8530 42b461 8528->8530 8529->8521 8531 42b46b DeleteCriticalSection 8530->8531 8531->8529 8531->8531 8422 429f05 8423 429f13 8422->8423 8424 429f2f 8422->8424 8445 42a5a5 8423->8445 8426 429f52 8424->8426 8427 429f36 8424->8427 8428 42b2b9 _unexpected WideCharToMultiByte 8426->8428 8433 429f1d 8427->8433 8449 42a5bf 8427->8449 8429 429f62 8428->8429 8431 429f69 GetLastError 8429->8431 8432 429f7f 8429->8432 8434 429d37 __dosmaperr 14 API calls 8431->8434 8435 429f90 8432->8435 8437 42a5bf 15 API calls 8432->8437 8436 429f75 8434->8436 8435->8433 8438 42a542 WideCharToMultiByte 8435->8438 8439 429d91 __dosmaperr 14 API calls 8436->8439 8437->8435 8440 429fa6 8438->8440 8439->8433 8440->8433 8441 429faa GetLastError 8440->8441 8442 429d37 __dosmaperr 14 API calls 8441->8442 8443 429fb6 8442->8443 8444 429d91 __dosmaperr 14 API calls 8443->8444 8444->8433 8446 42a5b0 8445->8446 8447 42a5b8 8445->8447 8448 429e01 ___free_lconv_mon 14 API calls 8446->8448 8447->8433 8448->8447 8450 42a5a5 14 API calls 8449->8450 8451 42a5cd 8450->8451 8454 42a63a 8451->8454 8455 42bbef 15 API calls 8454->8455 8456 42a5db 8455->8456 8456->8433 8457 426f0a 8458 425a25 _ValidateLocalCookies 5 API calls 8457->8458 8459 426f1c ___CxxFrameHandler 8458->8459 7596 42908c 7597 4290aa 7596->7597 7599 4290ca 7596->7599 7598 429d91 __dosmaperr 14 API calls 7597->7598 7600 4290c0 7598->7600 7601 429cb0 ___std_exception_copy 29 API calls 7600->7601 7601->7599 8532 42b78d GetStartupInfoW 8533 42b83e 8532->8533 8534 42b7aa 8532->8534 8534->8533 8538 42b598 8534->8538 8536 42b7d2 8536->8533 8537 42b802 GetFileType 8536->8537 8537->8536 8539 42b5a4 __FrameHandler3::FrameUnwindToState 8538->8539 8540 42b5ce 8539->8540 8541 42b5ad 8539->8541 8551 42b43d EnterCriticalSection 8540->8551 8542 429d91 __dosmaperr 14 API calls 8541->8542 8544 42b5b2 8542->8544 8545 429cb0 ___std_exception_copy 29 API calls 8544->8545 8546 42b5bc 8545->8546 8546->8536 8547 42b606 8559 42b62d 8547->8559 8549 42b5da 8549->8547 8552 42b4e8 8549->8552 8551->8549 8553 429da4 _unexpected 14 API calls 8552->8553 8556 42b4fa 8553->8556 8554 42b507 8555 429e01 ___free_lconv_mon 14 API calls 8554->8555 8557 42b55c 8555->8557 8556->8554 8558 42c3f4 6 API calls 8556->8558 8557->8549 8558->8556 8562 42b485 LeaveCriticalSection 8559->8562 8561 42b634 8561->8546 8562->8561 8250 42da10 8253 42da27 8250->8253 8252 42da22 8254 42da35 8253->8254 8255 42da49 8253->8255 8256 429d91 __dosmaperr 14 API calls 8254->8256 8257 42da63 8255->8257 8258 42da51 8255->8258 8259 42da3a 8256->8259 8261 42a49b 68 API calls 8257->8261 8264 42da61 8257->8264 8260 429d91 __dosmaperr 14 API calls 8258->8260 8262 429cb0 ___std_exception_copy 29 API calls 8259->8262 8263 42da56 8260->8263 8261->8264 8265 42da45 8262->8265 8266 429cb0 ___std_exception_copy 29 API calls 8263->8266 8264->8252 8265->8252 8266->8264 8314 428a91 8315 428ac3 8314->8315 8316 428aa0 8314->8316 8316->8315 8317 429d91 __dosmaperr 14 API calls 8316->8317 8318 428ab3 8317->8318 8319 429cb0 ___std_exception_copy 29 API calls 8318->8319 8320 428abe 8319->8320 7663 428516 7664 42852b 7663->7664 7665 429da4 _unexpected 14 API calls 7664->7665 7666 428552 7665->7666 7667 42855a 7666->7667 7672 428564 7666->7672 7668 429e01 ___free_lconv_mon 14 API calls 7667->7668 7669 428560 7668->7669 7670 4285c1 7671 429e01 ___free_lconv_mon 14 API calls 7670->7671 7671->7669 7672->7670 7672->7672 7673 429da4 _unexpected 14 API calls 7672->7673 7674 4285d0 7672->7674 7676 42914d ___std_exception_copy 29 API calls 7672->7676 7678 4285eb 7672->7678 7680 429e01 ___free_lconv_mon 14 API calls 7672->7680 7673->7672 7685 4285f8 7674->7685 7676->7672 7681 429cc0 ___std_exception_copy 11 API calls 7678->7681 7679 429e01 ___free_lconv_mon 14 API calls 7682 4285dd 7679->7682 7680->7672 7684 4285f7 7681->7684 7683 429e01 ___free_lconv_mon 14 API calls 7682->7683 7683->7669 7686 4285d6 7685->7686 7687 428605 7685->7687 7686->7679 7688 42861c 7687->7688 7690 429e01 ___free_lconv_mon 14 API calls 7687->7690 7689 429e01 ___free_lconv_mon 14 API calls 7688->7689 7689->7686 7690->7687 7691 42a51d 7692 42a527 7691->7692 7693 42a537 7692->7693 7694 429e01 ___free_lconv_mon 14 API calls 7692->7694 7695 429e01 ___free_lconv_mon 14 API calls 7693->7695 7694->7692 7696 42a53e 7695->7696 7158 42d420 7159 42d45a 7158->7159 7160 429d91 __dosmaperr 14 API calls 7159->7160 7165 42d46e 7159->7165 7161 42d463 7160->7161 7162 429cb0 ___std_exception_copy 29 API calls 7161->7162 7162->7165 7163 425a25 _ValidateLocalCookies 5 API calls 7164 42d47b 7163->7164 7165->7163 7165->7165 7166 425426 7167 425432 7166->7167 7168 425448 7167->7168 7172 42905c 7167->7172 7170 425440 7177 42654d 7170->7177 7173 429067 7172->7173 7174 429079 ___scrt_uninitialize_crt 7172->7174 7175 429075 7173->7175 7183 42cc7a 7173->7183 7174->7170 7175->7170 7178 426560 7177->7178 7179 426556 7177->7179 7178->7168 7255 4269e6 7179->7255 7186 42cb0b 7183->7186 7189 42ca5f 7186->7189 7190 42ca6b __FrameHandler3::FrameUnwindToState 7189->7190 7197 42b43d EnterCriticalSection 7190->7197 7192 42cae1 7206 42caff 7192->7206 7195 42ca75 _unexpected 7195->7192 7198 42c9d3 7195->7198 7197->7195 7199 42c9df __FrameHandler3::FrameUnwindToState 7198->7199 7209 42cd97 EnterCriticalSection 7199->7209 7201 42c9e9 _unexpected 7202 42ca22 7201->7202 7210 42cc15 7201->7210 7221 42ca53 7202->7221 7254 42b485 LeaveCriticalSection 7206->7254 7208 42caed 7208->7175 7209->7201 7211 42cc2a ___std_exception_copy 7210->7211 7212 42cc31 7211->7212 7213 42cc3c 7211->7213 7214 42cb0b ___scrt_uninitialize_crt 68 API calls 7212->7214 7215 42cbac _unexpected 68 API calls 7213->7215 7217 42cc37 ___std_exception_copy 7214->7217 7216 42cc46 7215->7216 7216->7217 7218 42d3f4 _unexpected 29 API calls 7216->7218 7217->7202 7219 42cc5d 7218->7219 7224 42df04 7219->7224 7253 42cdab LeaveCriticalSection 7221->7253 7223 42ca41 7223->7195 7225 42df22 7224->7225 7226 42df15 7224->7226 7228 42df6b 7225->7228 7232 42df49 7225->7232 7227 429d91 __dosmaperr 14 API calls 7226->7227 7230 42df1a 7227->7230 7229 429d91 __dosmaperr 14 API calls 7228->7229 7231 42df70 7229->7231 7230->7217 7233 429cb0 ___std_exception_copy 29 API calls 7231->7233 7235 42de62 7232->7235 7233->7230 7236 42de6e __FrameHandler3::FrameUnwindToState 7235->7236 7248 42b636 EnterCriticalSection 7236->7248 7238 42de7d 7239 42b70d _unexpected 29 API calls 7238->7239 7247 42dec2 7238->7247 7241 42dea9 FlushFileBuffers 7239->7241 7240 429d91 __dosmaperr 14 API calls 7242 42dec9 7240->7242 7241->7242 7243 42deb5 GetLastError 7241->7243 7249 42def8 7242->7249 7244 429d7e __dosmaperr 14 API calls 7243->7244 7244->7247 7247->7240 7248->7238 7252 42b659 LeaveCriticalSection 7249->7252 7251 42dee1 7251->7230 7252->7251 7253->7223 7254->7208 7256 4269f0 7255->7256 7257 42655b 7255->7257 7263 426bc9 7256->7263 7259 426a3d 7257->7259 7260 426a48 7259->7260 7262 426a67 7259->7262 7261 426a52 DeleteCriticalSection 7260->7261 7261->7261 7261->7262 7262->7178 7268 426aa3 7263->7268 7266 426bfb TlsFree 7267 426bef 7266->7267 7267->7257 7269 426ac0 7268->7269 7272 426ac4 7268->7272 7269->7266 7269->7267 7270 426b2c GetProcAddress 7270->7269 7272->7269 7272->7270 7273 426b1d 7272->7273 7275 426b43 LoadLibraryExW 7272->7275 7273->7270 7274 426b25 FreeLibrary 7273->7274 7274->7270 7276 426b5a GetLastError 7275->7276 7277 426b8a 7275->7277 7276->7277 7278 426b65 ___vcrt_FlsGetValue 7276->7278 7277->7272 7278->7277 7279 426b7b LoadLibraryExW 7278->7279 7279->7272 7602 4304a7 7604 4304c0 __startOneArgErrorHandling 7602->7604 7603 430511 __startOneArgErrorHandling 7604->7603 7606 430850 7604->7606 7607 430889 __startOneArgErrorHandling 7606->7607 7609 4308b0 __startOneArgErrorHandling 7607->7609 7617 430bc1 7607->7617 7610 4308f3 7609->7610 7612 4308ce 7609->7612 7629 430eb2 7610->7629 7621 430ee3 7612->7621 7614 4308ee __startOneArgErrorHandling 7615 425a25 _ValidateLocalCookies 5 API calls 7614->7615 7616 430917 7615->7616 7616->7603 7618 430bec __raise_exc 7617->7618 7619 430de5 RaiseException 7618->7619 7620 430dfd 7619->7620 7620->7609 7622 430ef0 7621->7622 7623 430eff __startOneArgErrorHandling 7622->7623 7624 430f2e __startOneArgErrorHandling 7622->7624 7625 430eb2 __startOneArgErrorHandling 14 API calls 7623->7625 7627 430f7c 7624->7627 7628 430eb2 __startOneArgErrorHandling 14 API calls 7624->7628 7626 430f18 7625->7626 7626->7614 7627->7614 7628->7627 7630 430ed6 7629->7630 7631 430ebf 7629->7631 7632 429d91 __dosmaperr 14 API calls 7630->7632 7633 430edb 7631->7633 7634 429d91 __dosmaperr 14 API calls 7631->7634 7632->7633 7633->7614 7635 430ece 7634->7635 7635->7614 8267 428627 8268 428639 8267->8268 8270 42863f 8267->8270 8269 4285f8 14 API calls 8268->8269 8269->8270 7729 4281b1 7730 4281c8 7729->7730 7740 4281c1 7729->7740 7731 4281e9 7730->7731 7733 4281d3 7730->7733 7759 42ae05 7731->7759 7735 429d91 __dosmaperr 14 API calls 7733->7735 7736 4281d8 7735->7736 7738 429cb0 ___std_exception_copy 29 API calls 7736->7738 7738->7740 7745 428257 7748 4282ee 68 API calls 7745->7748 7746 42824b 7747 429d91 __dosmaperr 14 API calls 7746->7747 7749 428250 7747->7749 7750 42826d 7748->7750 7752 429e01 ___free_lconv_mon 14 API calls 7749->7752 7750->7749 7751 428291 7750->7751 7753 4282b2 7751->7753 7754 4282a8 7751->7754 7752->7740 7756 429e01 ___free_lconv_mon 14 API calls 7753->7756 7755 429e01 ___free_lconv_mon 14 API calls 7754->7755 7757 4282b0 7755->7757 7756->7757 7758 429e01 ___free_lconv_mon 14 API calls 7757->7758 7758->7740 7760 42ae0e 7759->7760 7764 4281ef 7759->7764 7787 42985b 7760->7787 7765 42a7e8 GetModuleFileNameW 7764->7765 7766 42a817 GetLastError 7765->7766 7767 42a828 7765->7767 7986 429d37 7766->7986 7991 42a566 7767->7991 7772 42a823 7773 425a25 _ValidateLocalCookies 5 API calls 7772->7773 7774 428202 7773->7774 7775 4282ee 7774->7775 7777 428314 7775->7777 7779 428372 7777->7779 8030 42b136 7777->8030 7778 428235 7781 428462 7778->7781 7779->7778 7780 42b136 68 API calls 7779->7780 7780->7779 7782 428473 7781->7782 7783 428242 7781->7783 7782->7783 7784 429da4 _unexpected 14 API calls 7782->7784 7783->7745 7783->7746 7785 42849c 7784->7785 7786 429e01 ___free_lconv_mon 14 API calls 7785->7786 7786->7783 7788 429866 7787->7788 7789 42986c 7787->7789 7790 42c373 _unexpected 6 API calls 7788->7790 7791 42c3b2 _unexpected 6 API calls 7789->7791 7808 429872 7789->7808 7790->7789 7792 429886 7791->7792 7793 429da4 _unexpected 14 API calls 7792->7793 7792->7808 7796 429896 7793->7796 7794 4291a7 CallUnexpected 68 API calls 7795 4298f0 7794->7795 7797 4298b3 7796->7797 7798 42989e 7796->7798 7799 42c3b2 _unexpected 6 API calls 7797->7799 7800 42c3b2 _unexpected 6 API calls 7798->7800 7801 4298bf 7799->7801 7802 4298aa 7800->7802 7803 4298d2 7801->7803 7804 4298c3 7801->7804 7805 429e01 ___free_lconv_mon 14 API calls 7802->7805 7807 4295ce _unexpected 14 API calls 7803->7807 7806 42c3b2 _unexpected 6 API calls 7804->7806 7805->7808 7806->7802 7809 4298dd 7807->7809 7808->7794 7811 429877 7808->7811 7810 429e01 ___free_lconv_mon 14 API calls 7809->7810 7810->7811 7812 42ac10 7811->7812 7813 42ad65 _unexpected 68 API calls 7812->7813 7814 42ac3a 7813->7814 7835 42a997 7814->7835 7817 42ac53 7817->7764 7818 42bbef 15 API calls 7819 42ac64 7818->7819 7820 42ac7a 7819->7820 7821 42ac6c 7819->7821 7842 42ae60 7820->7842 7822 429e01 ___free_lconv_mon 14 API calls 7821->7822 7822->7817 7825 42acb2 7826 429d91 __dosmaperr 14 API calls 7825->7826 7827 42acb7 7826->7827 7829 429e01 ___free_lconv_mon 14 API calls 7827->7829 7828 42accd 7830 429e01 ___free_lconv_mon 14 API calls 7828->7830 7833 42acf9 7828->7833 7829->7817 7830->7833 7832 429e01 ___free_lconv_mon 14 API calls 7832->7817 7834 42ad42 7833->7834 7853 42a889 7833->7853 7834->7832 7861 42a49b 7835->7861 7837 42a9a9 7838 42a9ca 7837->7838 7839 42a9b8 GetOEMCP 7837->7839 7840 42a9cf GetACP 7838->7840 7841 42a9e1 7838->7841 7839->7841 7840->7841 7841->7817 7841->7818 7843 42a997 70 API calls 7842->7843 7844 42ae80 7843->7844 7845 42af85 7844->7845 7847 42aebd IsValidCodePage 7844->7847 7852 42aed8 _unexpected 7844->7852 7846 425a25 _ValidateLocalCookies 5 API calls 7845->7846 7848 42aca7 7846->7848 7847->7845 7849 42aecf 7847->7849 7848->7825 7848->7828 7850 42aef8 GetCPInfo 7849->7850 7849->7852 7850->7845 7850->7852 7877 42aa6b 7852->7877 7854 42a895 __FrameHandler3::FrameUnwindToState 7853->7854 7960 42b43d EnterCriticalSection 7854->7960 7856 42a89f 7961 42a8d6 7856->7961 7862 42a4b2 7861->7862 7863 42a4b9 7861->7863 7862->7837 7863->7862 7864 4297a0 _unexpected 68 API calls 7863->7864 7865 42a4da 7864->7865 7869 42d205 7865->7869 7870 42d218 7869->7870 7871 42a4f0 7869->7871 7870->7871 7872 42c027 _unexpected 68 API calls 7870->7872 7873 42d263 7871->7873 7872->7871 7874 42d276 7873->7874 7875 42d28b 7873->7875 7874->7875 7876 42ae4d _unexpected 68 API calls 7874->7876 7875->7862 7876->7875 7878 42aa93 GetCPInfo 7877->7878 7887 42ab5c 7877->7887 7883 42aaab 7878->7883 7878->7887 7880 425a25 _ValidateLocalCookies 5 API calls 7882 42ac0e 7880->7882 7882->7845 7888 42bc3d 7883->7888 7886 42dca3 70 API calls 7886->7887 7887->7880 7889 42a49b 68 API calls 7888->7889 7890 42bc5d 7889->7890 7908 42b1ff 7890->7908 7892 42bd19 7896 425a25 _ValidateLocalCookies 5 API calls 7892->7896 7893 42bd11 7911 42bd3e 7893->7911 7894 42bc8a 7894->7892 7894->7893 7895 42bcaf _unexpected 7894->7895 7898 42bbef 15 API calls 7894->7898 7895->7893 7900 42b1ff _unexpected MultiByteToWideChar 7895->7900 7899 42ab13 7896->7899 7898->7895 7903 42dca3 7899->7903 7901 42bcf8 7900->7901 7901->7893 7902 42bcff GetStringTypeW 7901->7902 7902->7893 7904 42a49b 68 API calls 7903->7904 7905 42dcb6 7904->7905 7917 42dab4 7905->7917 7915 42b167 7908->7915 7912 42bd4a 7911->7912 7913 42bd5b 7911->7913 7912->7913 7914 429e01 ___free_lconv_mon 14 API calls 7912->7914 7913->7892 7914->7913 7916 42b178 MultiByteToWideChar 7915->7916 7916->7894 7918 42dacf 7917->7918 7919 42b1ff _unexpected MultiByteToWideChar 7918->7919 7923 42db13 7919->7923 7920 42dc8e 7922 425a25 _ValidateLocalCookies 5 API calls 7920->7922 7921 42dbe1 7926 42bd3e __freea 14 API calls 7921->7926 7924 42ab34 7922->7924 7923->7920 7923->7921 7925 42bbef 15 API calls 7923->7925 7927 42db39 7923->7927 7924->7886 7925->7927 7926->7920 7927->7921 7928 42b1ff _unexpected MultiByteToWideChar 7927->7928 7929 42db82 7928->7929 7929->7921 7945 42c43f 7929->7945 7932 42dbf0 7934 42dc79 7932->7934 7935 42dc02 7932->7935 7936 42bbef 15 API calls 7932->7936 7933 42dbb8 7933->7921 7938 42c43f 6 API calls 7933->7938 7937 42bd3e __freea 14 API calls 7934->7937 7935->7934 7939 42c43f 6 API calls 7935->7939 7936->7935 7937->7921 7938->7921 7940 42dc45 7939->7940 7940->7934 7941 42b2b9 _unexpected WideCharToMultiByte 7940->7941 7942 42dc5f 7941->7942 7942->7934 7943 42dc68 7942->7943 7944 42bd3e __freea 14 API calls 7943->7944 7944->7921 7951 42c112 7945->7951 7949 42c490 LCMapStringW 7950 42c450 7949->7950 7950->7921 7950->7932 7950->7933 7952 42c211 _unexpected 5 API calls 7951->7952 7953 42c128 7952->7953 7953->7950 7954 42c49c 7953->7954 7957 42c12c 7954->7957 7956 42c4a7 7956->7949 7958 42c211 _unexpected 5 API calls 7957->7958 7959 42c142 7958->7959 7959->7956 7960->7856 7971 42b065 7961->7971 7963 42a8f8 7964 42b065 29 API calls 7963->7964 7965 42a917 7964->7965 7966 42a8ac 7965->7966 7967 429e01 ___free_lconv_mon 14 API calls 7965->7967 7968 42a8ca 7966->7968 7967->7966 7985 42b485 LeaveCriticalSection 7968->7985 7970 42a8b8 7970->7834 7972 42b076 7971->7972 7981 42b072 CatchIt 7971->7981 7973 42b07d 7972->7973 7976 42b090 _unexpected 7972->7976 7974 429d91 __dosmaperr 14 API calls 7973->7974 7975 42b082 7974->7975 7977 429cb0 ___std_exception_copy 29 API calls 7975->7977 7978 42b0c7 7976->7978 7979 42b0be 7976->7979 7976->7981 7977->7981 7978->7981 7983 429d91 __dosmaperr 14 API calls 7978->7983 7980 429d91 __dosmaperr 14 API calls 7979->7980 7982 42b0c3 7980->7982 7981->7963 7984 429cb0 ___std_exception_copy 29 API calls 7982->7984 7983->7982 7984->7981 7985->7970 7987 429d7e __dosmaperr 14 API calls 7986->7987 7988 429d42 __dosmaperr 7987->7988 7989 429d91 __dosmaperr 14 API calls 7988->7989 7990 429d55 7989->7990 7990->7772 7992 42a49b 68 API calls 7991->7992 7993 42a578 7992->7993 7994 42a58a 7993->7994 8017 42c2d6 7993->8017 7996 42a6eb 7994->7996 7997 42a707 7996->7997 7998 42a6f8 7996->7998 7999 42a734 7997->7999 8000 42a70f 7997->8000 7998->7772 8001 42b2b9 _unexpected WideCharToMultiByte 7999->8001 8000->7998 8023 42a7ad 8000->8023 8003 42a744 8001->8003 8004 42a761 8003->8004 8005 42a74b GetLastError 8003->8005 8006 42a772 8004->8006 8008 42a7ad 14 API calls 8004->8008 8007 429d37 __dosmaperr 14 API calls 8005->8007 8006->7998 8027 42a542 8006->8027 8010 42a757 8007->8010 8008->8006 8012 429d91 __dosmaperr 14 API calls 8010->8012 8012->7998 8013 42a78c GetLastError 8014 429d37 __dosmaperr 14 API calls 8013->8014 8015 42a798 8014->8015 8016 429d91 __dosmaperr 14 API calls 8015->8016 8016->7998 8020 42c0f8 8017->8020 8021 42c211 _unexpected 5 API calls 8020->8021 8022 42c10e 8021->8022 8022->7994 8024 42a7b8 8023->8024 8025 429d91 __dosmaperr 14 API calls 8024->8025 8026 42a7c1 8025->8026 8026->7998 8028 42b2b9 _unexpected WideCharToMultiByte 8027->8028 8029 42a55f 8028->8029 8029->7998 8029->8013 8033 42b0e6 8030->8033 8034 42a49b 68 API calls 8033->8034 8035 42b0f9 8034->8035 8035->7777 8460 42c334 8461 42c211 _unexpected 5 API calls 8460->8461 8462 42c350 8461->8462 8463 42c36b TlsFree 8462->8463 8464 42c359 8462->8464 8563 428fb4 8566 42901c 8563->8566 8567 429030 8566->8567 8568 428fc7 8566->8568 8567->8568 8569 429e01 ___free_lconv_mon 14 API calls 8567->8569 8569->8568 8271 425235 8274 4254dd 8271->8274 8273 42523a 8273->8273 8275 4254f3 8274->8275 8276 4254fc 8275->8276 8278 425490 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 8275->8278 8276->8273 8278->8276 8321 4252b5 8322 4252be 8321->8322 8329 425845 IsProcessorFeaturePresent 8322->8329 8326 4252cf 8327 4252d3 8326->8327 8328 42654d ___scrt_uninitialize_crt 7 API calls 8326->8328 8328->8327 8330 4252ca 8329->8330 8331 42652e 8330->8331 8339 426a01 8331->8339 8334 426537 8334->8326 8336 42653f 8337 42654a 8336->8337 8338 426a3d ___vcrt_uninitialize_locks DeleteCriticalSection 8336->8338 8337->8326 8338->8334 8340 426a0a 8339->8340 8342 426a33 8340->8342 8344 426533 8340->8344 8353 426c7d 8340->8353 8343 426a3d ___vcrt_uninitialize_locks DeleteCriticalSection 8342->8343 8343->8344 8344->8334 8345 4269b3 8344->8345 8358 426b8e 8345->8358 8348 426c3f ___vcrt_FlsSetValue 6 API calls 8349 4269d6 8348->8349 8350 4269e3 8349->8350 8351 4269e6 ___vcrt_uninitialize_ptd 6 API calls 8349->8351 8350->8336 8352 4269c8 8351->8352 8352->8336 8354 426aa3 ___vcrt_FlsGetValue 5 API calls 8353->8354 8355 426c97 8354->8355 8356 426cb5 InitializeCriticalSectionAndSpinCount 8355->8356 8357 426ca0 8355->8357 8356->8357 8357->8340 8359 426aa3 ___vcrt_FlsGetValue 5 API calls 8358->8359 8360 426ba8 8359->8360 8361 426bc1 TlsAlloc 8360->8361 8362 4269bd 8360->8362 8362->8348 8362->8352 7280 42783a 7281 427848 ___except_validate_context_record 7280->7281 7289 426913 7281->7289 7284 42788d 7288 4278ab 7284->7288 7303 427c59 7284->7303 7286 4278b3 7286->7288 7306 4272d1 7286->7306 7357 426921 7289->7357 7291 426918 7292 426920 7291->7292 7371 42c79c 7291->7371 7292->7284 7292->7286 7292->7288 7295 4291b7 7296 4291c1 IsProcessorFeaturePresent 7295->7296 7302 4291e0 7295->7302 7298 4291cd 7296->7298 7300 429ab4 _unexpected 8 API calls 7298->7300 7300->7302 7407 428a3f 7302->7407 7442 427c71 7303->7442 7305 427c6c 7305->7288 7311 4272f1 __FrameHandler3::FrameUnwindToState 7306->7311 7307 427604 7308 4291a7 CallUnexpected 68 API calls 7307->7308 7318 42760a 7307->7318 7309 427675 7308->7309 7310 4275d9 7310->7307 7332 4275d7 7310->7332 7476 427676 7310->7476 7311->7307 7312 4273d3 7311->7312 7313 426913 _unexpected 78 API calls 7311->7313 7312->7310 7314 42745c 7312->7314 7355 4273d9 type_info::operator== 7312->7355 7317 427353 7313->7317 7321 427573 __InternalCxxFrameHandler 7314->7321 7461 426cc4 7314->7461 7315 426913 _unexpected 78 API calls 7315->7307 7317->7318 7320 426913 _unexpected 78 API calls 7317->7320 7318->7288 7323 427361 7320->7323 7322 4275a3 7321->7322 7324 4275ad 7321->7324 7325 4275c8 7321->7325 7321->7332 7322->7324 7322->7332 7326 426913 _unexpected 78 API calls 7323->7326 7327 426913 _unexpected 78 API calls 7324->7327 7328 427d59 __InternalCxxFrameHandler 68 API calls 7325->7328 7336 427369 7326->7336 7329 4275b8 7327->7329 7330 4275d1 7328->7330 7331 426913 _unexpected 78 API calls 7329->7331 7330->7332 7333 427634 7330->7333 7331->7355 7332->7315 7335 426913 _unexpected 78 API calls 7333->7335 7334 426913 _unexpected 78 API calls 7337 4273b2 7334->7337 7338 427639 7335->7338 7336->7307 7336->7334 7337->7312 7341 426913 _unexpected 78 API calls 7337->7341 7339 426913 _unexpected 78 API calls 7338->7339 7342 427641 7339->7342 7344 4273bc 7341->7344 7502 426eb7 RtlUnwind 7342->7502 7343 42747d ___TypeMatch 7343->7321 7466 427251 7343->7466 7345 426913 _unexpected 78 API calls 7344->7345 7348 4273c7 7345->7348 7456 427d59 7348->7456 7349 427655 7352 427c59 __InternalCxxFrameHandler 78 API calls 7349->7352 7350 427614 __InternalCxxFrameHandler 7499 427f46 7350->7499 7354 427661 __InternalCxxFrameHandler 7352->7354 7503 427bd0 7354->7503 7355->7350 7493 4290eb 7355->7493 7358 42692a 7357->7358 7359 42692d GetLastError 7357->7359 7358->7291 7410 426c04 7359->7410 7362 4269a7 SetLastError 7362->7291 7364 42695b _unexpected 7365 426983 7364->7365 7367 426c3f ___vcrt_FlsSetValue 6 API calls 7364->7367 7370 426961 7364->7370 7366 426c3f ___vcrt_FlsSetValue 6 API calls 7365->7366 7368 426997 7365->7368 7366->7368 7367->7365 7420 429127 7368->7420 7370->7362 7423 42c6ca 7371->7423 7374 42c7e1 7375 42c7ed __FrameHandler3::FrameUnwindToState 7374->7375 7376 42c81e _unexpected 7375->7376 7377 4298f1 __dosmaperr 14 API calls 7375->7377 7378 42c83d 7375->7378 7381 42c84f _unexpected 7375->7381 7376->7378 7376->7381 7401 42c827 7376->7401 7377->7376 7379 429d91 __dosmaperr 14 API calls 7378->7379 7382 42c842 7379->7382 7380 42c885 _unexpected 7386 42c8c2 7380->7386 7387 42c9bf 7380->7387 7397 42c8f0 7380->7397 7381->7380 7434 42b43d EnterCriticalSection 7381->7434 7383 429cb0 ___std_exception_copy 29 API calls 7382->7383 7383->7401 7392 4297a0 _unexpected 68 API calls 7386->7392 7386->7397 7389 42c9ca 7387->7389 7439 42b485 LeaveCriticalSection 7387->7439 7391 428a3f _unexpected 21 API calls 7389->7391 7396 42c9d2 __FrameHandler3::FrameUnwindToState 7391->7396 7394 42c8e5 7392->7394 7393 4297a0 _unexpected 68 API calls 7399 42c945 7393->7399 7395 4297a0 _unexpected 68 API calls 7394->7395 7395->7397 7440 42cd97 EnterCriticalSection 7396->7440 7435 42c96b 7397->7435 7400 4297a0 _unexpected 68 API calls 7399->7400 7399->7401 7400->7401 7401->7295 7402 42c9e9 _unexpected 7403 42ca22 7402->7403 7405 42cc15 _unexpected 68 API calls 7402->7405 7404 42ca53 _unexpected LeaveCriticalSection 7403->7404 7406 42ca41 7404->7406 7405->7403 7406->7295 7408 4288af _unexpected 21 API calls 7407->7408 7409 428a50 7408->7409 7411 426aa3 ___vcrt_FlsGetValue 5 API calls 7410->7411 7412 426c1e 7411->7412 7413 426c36 TlsGetValue 7412->7413 7414 426942 7412->7414 7413->7414 7414->7362 7414->7370 7415 426c3f 7414->7415 7416 426aa3 ___vcrt_FlsGetValue 5 API calls 7415->7416 7417 426c59 7416->7417 7418 426c74 TlsSetValue 7417->7418 7419 426c68 7417->7419 7418->7419 7419->7364 7421 429e01 ___free_lconv_mon 14 API calls 7420->7421 7422 42913f 7421->7422 7422->7370 7424 42c6d6 __FrameHandler3::FrameUnwindToState 7423->7424 7429 42b43d EnterCriticalSection 7424->7429 7426 42c6e4 7430 42c726 7426->7430 7429->7426 7433 42b485 LeaveCriticalSection 7430->7433 7432 4291ac 7432->7295 7432->7374 7433->7432 7434->7380 7436 42c937 7435->7436 7437 42c96f 7435->7437 7436->7393 7436->7399 7436->7401 7441 42b485 LeaveCriticalSection 7437->7441 7439->7389 7440->7402 7441->7436 7443 427c7d __FrameHandler3::FrameUnwindToState 7442->7443 7444 426913 _unexpected 78 API calls 7443->7444 7450 427c98 __CallSettingFrame@12 CatchIt 7444->7450 7446 4291a7 CallUnexpected 68 API calls 7449 427d58 7446->7449 7447 427d18 7447->7446 7448 427d1d CatchIt 7447->7448 7448->7305 7450->7447 7451 427d3f 7450->7451 7452 426913 _unexpected 78 API calls 7451->7452 7453 427d44 7452->7453 7454 427d4f 7453->7454 7455 426913 _unexpected 78 API calls 7453->7455 7454->7447 7455->7454 7457 427ded 7456->7457 7460 427d6d ___TypeMatch 7456->7460 7458 4291a7 CallUnexpected 68 API calls 7457->7458 7459 427df2 7458->7459 7460->7312 7462 426ce2 7461->7462 7463 426d18 7462->7463 7464 4291a7 CallUnexpected 68 API calls 7462->7464 7463->7343 7465 426d33 7464->7465 7467 427270 7466->7467 7468 427263 7466->7468 7522 426eb7 RtlUnwind 7467->7522 7518 4271b8 7468->7518 7471 427285 7472 427c71 __FrameHandler3::FrameUnwindToState 78 API calls 7471->7472 7473 427296 CatchIt 7472->7473 7523 427a01 7473->7523 7475 4272be CatchIt 7475->7343 7477 4277a1 7476->7477 7478 42768c 7476->7478 7477->7332 7479 426913 _unexpected 78 API calls 7478->7479 7480 427693 7479->7480 7481 42769a EncodePointer 7480->7481 7491 4276d5 7480->7491 7482 426913 _unexpected 78 API calls 7481->7482 7489 4276a8 7482->7489 7483 4276f2 7486 426cc4 __InternalCxxFrameHandler 68 API calls 7483->7486 7484 4277a6 7485 4291a7 CallUnexpected 68 API calls 7484->7485 7488 4277ab 7485->7488 7487 427709 7486->7487 7487->7477 7492 427251 CatchIt 79 API calls 7487->7492 7490 426d91 __InternalCxxFrameHandler 78 API calls 7489->7490 7489->7491 7490->7491 7491->7477 7491->7483 7491->7484 7492->7487 7494 4290f7 __FrameHandler3::FrameUnwindToState 7493->7494 7495 4297a0 _unexpected 68 API calls 7494->7495 7498 4290fc 7495->7498 7496 4291a7 CallUnexpected 68 API calls 7497 429126 7496->7497 7498->7496 7500 427f8d RaiseException 7499->7500 7501 427f60 7499->7501 7500->7333 7501->7500 7502->7349 7504 427bdc __EH_prolog3_catch 7503->7504 7505 426913 _unexpected 78 API calls 7504->7505 7506 427be1 7505->7506 7507 427c04 7506->7507 7583 427e7c 7506->7583 7509 4291a7 CallUnexpected 68 API calls 7507->7509 7515 427c09 7509->7515 7512 427c55 7512->7307 7515->7512 7516 426913 _unexpected 78 API calls 7515->7516 7517 427c4b 7516->7517 7517->7307 7519 4271c4 __FrameHandler3::FrameUnwindToState 7518->7519 7537 42707a 7519->7537 7521 4271ec CatchIt ___AdjustPointer 7521->7467 7522->7471 7524 427a0d __FrameHandler3::FrameUnwindToState 7523->7524 7544 426f3b 7524->7544 7527 426913 _unexpected 78 API calls 7528 427a39 7527->7528 7529 426913 _unexpected 78 API calls 7528->7529 7530 427a44 7529->7530 7531 426913 _unexpected 78 API calls 7530->7531 7532 427a4f 7531->7532 7533 426913 _unexpected 78 API calls 7532->7533 7534 427a57 CatchIt 7533->7534 7549 427b54 7534->7549 7536 427b3c 7536->7475 7538 427086 __FrameHandler3::FrameUnwindToState 7537->7538 7539 4291a7 CallUnexpected 68 API calls 7538->7539 7540 427101 CatchIt ___AdjustPointer 7538->7540 7541 4271b7 __FrameHandler3::FrameUnwindToState 7539->7541 7540->7521 7542 42707a CatchIt 68 API calls 7541->7542 7543 4271ec CatchIt ___AdjustPointer 7542->7543 7543->7521 7545 426913 _unexpected 78 API calls 7544->7545 7546 426f4c 7545->7546 7547 426913 _unexpected 78 API calls 7546->7547 7548 426f57 7547->7548 7548->7527 7558 426f5f 7549->7558 7551 427b65 7552 426913 _unexpected 78 API calls 7551->7552 7553 427b6b 7552->7553 7554 426913 _unexpected 78 API calls 7553->7554 7555 427b76 7554->7555 7557 427bb7 __InternalCxxFrameHandler 7555->7557 7575 4266a6 7555->7575 7557->7536 7559 426913 _unexpected 78 API calls 7558->7559 7560 426f68 7559->7560 7561 426f70 7560->7561 7562 426f7e 7560->7562 7563 426913 _unexpected 78 API calls 7561->7563 7564 426913 _unexpected 78 API calls 7562->7564 7565 426f78 7563->7565 7566 426f83 7564->7566 7565->7551 7566->7565 7567 4291a7 CallUnexpected 68 API calls 7566->7567 7568 426fa6 7567->7568 7569 425a25 _ValidateLocalCookies 5 API calls 7568->7569 7570 426fbb ___CxxFrameHandler 7569->7570 7571 427015 7570->7571 7574 426fc6 7570->7574 7578 426eb7 RtlUnwind 7570->7578 7579 426d91 7571->7579 7574->7551 7576 426913 _unexpected 78 API calls 7575->7576 7577 4266ae 7576->7577 7577->7557 7578->7571 7580 426db3 __InternalCxxFrameHandler 7579->7580 7582 426da1 7579->7582 7581 426913 _unexpected 78 API calls 7580->7581 7581->7582 7582->7574 7584 426913 _unexpected 78 API calls 7583->7584 7586 427e82 7584->7586 7585 4290eb _unexpected 68 API calls 7587 427e98 7585->7587 7586->7585

                                            Executed Functions

                                            Function 00424E5A Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 89memorystringCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • GetProcessHeap.KERNEL32(00000000,3B9ACA00), ref: 00424E6D
                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00424E74
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00424EA5
                                            • _wcsrchr.LIBVCRUNTIME ref: 00424EB8
                                            • lstrlenW.KERNEL32(-00000002), ref: 00424EDD
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00424F14
                                            • RtlFreeHeap.NTDLL(00000000), ref: 00424F1B
                                            • MulDiv.KERNEL32(00000001,80000000,80000000), ref: 00424F30
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$Process$AllocateFileFreeModuleName_wcsrchrlstrlen
                                            • String ID: $($@
                                            • API String ID: 443335681-2581157662
                                            • Opcode ID: 4a6969c73fee2ab16a73259faee53858f3156e4df1be3dd813d1fec864c14037
                                            • Instruction ID: be5ef30631018e73b40bebf3ab7c204a3c001e642ca1778efa1ff50b2a995815
                                            • Opcode Fuzzy Hash: 4a6969c73fee2ab16a73259faee53858f3156e4df1be3dd813d1fec864c14037
                                            • Instruction Fuzzy Hash: 36212C75700320AEE7305764BE4DF6B669CDBC5355F920027F605E76D1DAA88C40C57D
                                            Function 0042C146 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 26 42c146-42c152 27 42c1e4-42c1e7 26->27 28 42c157-42c168 27->28 29 42c1ed 27->29 31 42c175-42c18e LoadLibraryExW 28->31 32 42c16a-42c16d 28->32 30 42c1ef-42c1f3 29->30 35 42c190-42c199 GetLastError 31->35 36 42c1f4-42c204 31->36 33 42c173 32->33 34 42c20d-42c20f 32->34 38 42c1e1 33->38 34->30 39 42c1d2-42c1df 35->39 40 42c19b-42c1ad call 429428 35->40 36->34 37 42c206-42c207 FreeLibrary 36->37 37->34 38->27 39->38 40->39 43 42c1af-42c1c1 call 429428 40->43 43->39 46 42c1c3-42c1d0 LoadLibraryExW 43->46 46->36 46->39
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,?,0042C255,0042CAD9,?,00000000,00000000,00000000,?,0042C3CE,00000022,FlsSetValue,00444078,00444080,00000000), ref: 0042C207
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID: api-ms-$ext-ms-
                                            • API String ID: 3664257935-537541572
                                            • Opcode ID: ebffaa51a5fc76d1492a932055384fad9e2e10e731ada237fc40a0002bdefe5e
                                            • Instruction ID: 1f77fc81c0a68ee6f3138aed61358145f6b83d7b6bac0c9dc03c5386dc0e7d78
                                            • Opcode Fuzzy Hash: ebffaa51a5fc76d1492a932055384fad9e2e10e731ada237fc40a0002bdefe5e
                                            • Instruction Fuzzy Hash: D2210B35B40120EBD7219B60BC82A6F3769EF42760FA00122FD11E7381DB74EE10CAE9
                                            Function 004322CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00432314
                                              • Part of subcall function 00432098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004320C1
                                              • Part of subcall function 00432098: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0043226D
                                            • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00432366
                                            • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 004323C0
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004323F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.1740948671.0000000000432000.00000040.00000001.01000000.00000003.sdmp, Offset: 00432000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_432000_UGcjMkPWwW.jbxd
                                            Similarity
                                            • API ID: Virtual$Alloc$Free$Protect
                                            • String ID: ,
                                            • API String ID: 1004437363-3772416878
                                            • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                            • Instruction ID: a9b97ab7347ca5250ebf2a160aa0c7214d6c775a5c1ad3215425b97944af8a4a
                                            • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                            • Instruction Fuzzy Hash: B251F875900709AFCB10DFA9C981B9EBBF4FF08354F10951AFA59A7240D3B4E954CBA4
                                            Function 004322CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00432314
                                              • Part of subcall function 00432098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004320C1
                                              • Part of subcall function 00432098: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0043226D
                                            • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00432366
                                            • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 004323C0
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004323F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Virtual$Alloc$Free$Protect
                                            • String ID: ,
                                            • API String ID: 1004437363-3772416878
                                            • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                            • Instruction ID: a9b97ab7347ca5250ebf2a160aa0c7214d6c775a5c1ad3215425b97944af8a4a
                                            • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                            • Instruction Fuzzy Hash: B251F875900709AFCB10DFA9C981B9EBBF4FF08354F10951AFA59A7240D3B4E954CBA4
                                            Function 00428946 Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • GetCurrentProcess.KERNEL32(00428A50,?,00428940,00000000,?,?,00428A50,AE31545A,?,00428A50), ref: 00428957
                                            • TerminateProcess.KERNEL32(00000000,?,00428940,00000000,?,?,00428A50,AE31545A,?,00428A50), ref: 0042895E
                                            • ExitProcess.KERNEL32 ref: 00428970
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 6d1fd4b71a87ec7b3170e5586050a54d9791563e93a0dfb0b18a49865d4309d6
                                            • Instruction ID: 808adf8508e72cc70fe1fc9dd0a8f5738e002ca5ec64e5c93cb8472c025b5a26
                                            • Opcode Fuzzy Hash: 6d1fd4b71a87ec7b3170e5586050a54d9791563e93a0dfb0b18a49865d4309d6
                                            • Instruction Fuzzy Hash: 3BD05E71001214BFCF002F61ED0D96E3F66AF01344B804029BA0885031CF758881CA8D
                                            Function 00432098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004320C1
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0043226D
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.1740948671.0000000000432000.00000040.00000001.01000000.00000003.sdmp, Offset: 00432000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_432000_UGcjMkPWwW.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                            • Instruction ID: 1d1c6bacfa6552b53e9476c3e2734ff818dc263eff0a877855a85f09b318e423
                                            • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                            • Instruction Fuzzy Hash: FF719C71A04249DFDB41CF98CA81BEEBBF0BB09314F245096E565F7241C278AA81DF69
                                            Function 00432098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 79 432098-4320ca VirtualAlloc 80 432270-432274 79->80 81 4320d0-4320d4 79->81 82 4320dd-4320e4 81->82 83 4320f1-4320f8 82->83 84 4320e6-4320ef 82->84 86 4320fc-43210e 83->86 84->82 87 432133-43213b 86->87 88 432110-432116 86->88 91 43213d-432143 87->91 92 43219c-4321a2 87->92 89 432118 88->89 90 43211d-432130 88->90 97 432260-43226d VirtualFree 89->97 90->87 93 432145 91->93 94 43214a-432167 91->94 95 4321a4 92->95 96 4321a9-4321b0 92->96 93->97 98 432169 94->98 99 43216e-432197 94->99 95->97 100 4321b2 96->100 101 4321b7-4321fa 96->101 97->80 98->97 102 43225b 99->102 100->97 103 432203-432209 101->103 102->86 103->102 104 43220b-432238 103->104 105 43223a 104->105 106 43223c-432259 104->106 105->102 106->103
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004320C1
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0043226D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                            • Instruction ID: 1d1c6bacfa6552b53e9476c3e2734ff818dc263eff0a877855a85f09b318e423
                                            • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                            • Instruction Fuzzy Hash: FF719C71A04249DFDB41CF98CA81BEEBBF0BB09314F245096E565F7241C278AA81DF69
                                            Function 0042C211 Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 116 42c211-42c23b 117 42c241-42c243 116->117 118 42c23d-42c23f 116->118 120 42c245-42c247 117->120 121 42c249-42c250 call 42c146 117->121 119 42c292-42c295 118->119 120->119 123 42c255-42c259 121->123 124 42c25b-42c269 GetProcAddress 123->124 125 42c278-42c28f 123->125 124->125 126 42c26b-42c276 call 42811b 124->126 127 42c291 125->127 126->127 127->119
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 706acf719c5e72759b301f4d816fb17e51d545d9e6e5775b29a5cf0ab82d4473
                                            • Instruction ID: cf0c724444a35943ec148e7efeaf846af75bfe3e4fd878de668fcd38a5d9cb5e
                                            • Opcode Fuzzy Hash: 706acf719c5e72759b301f4d816fb17e51d545d9e6e5775b29a5cf0ab82d4473
                                            • Instruction Fuzzy Hash: D901D6377002309B9B218FE9FCC196B3365ABC63207604166F90497154DE359C45A7AD

                                            Non-executed Functions

                                            Function 004255A9 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                            Download Yara Rule
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004255B5
                                            • IsDebuggerPresent.KERNEL32 ref: 00425681
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004256A1
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 004256AB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                            • String ID:
                                            • API String ID: 254469556-0
                                            • Opcode ID: d07516bcd21c32ed5460a08b7b444bc6836ac26712ed709662b82df8d9590281
                                            • Instruction ID: fa5087e94c73491df1197bb193d4d4cc3487b3ee9e68a0fe906e4cbde15661b4
                                            • Opcode Fuzzy Hash: d07516bcd21c32ed5460a08b7b444bc6836ac26712ed709662b82df8d9590281
                                            • Instruction Fuzzy Hash: E6313C75D01328DBDB10DF60D989BCDBBF8AF04304F5040AAE40DA7250EB749A84CF48
                                            Function 00429AB4 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00429BAC
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00429BB6
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00429BC3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            • Opcode ID: 9a5ae9b1e05cc60b6f2d641c3970c8e45f75c7d52e2c438701dbd461c97d5e36
                                            • Instruction ID: 1264163af521f070e0aeb0a43a900b2aa2259b27ce75f0fe6d77f0f388f04414
                                            • Opcode Fuzzy Hash: 9a5ae9b1e05cc60b6f2d641c3970c8e45f75c7d52e2c438701dbd461c97d5e36
                                            • Instruction Fuzzy Hash: BD31C6749012289BCB21DF65E98978DBBB8BF08314F9041EAE80CA7250E7749F85CF58
                                            Function 00430BC1 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00430BBC,?,?,00000008,?,?,004307BF,00000000), ref: 00430DEE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: 6e649662780a3af17f838e288bea4e27905cf2cec2d49001a490b4225a6890df
                                            • Instruction ID: b76e54958b890168b6281f8095d1dc1cd3988fc868d0e6cd58f8f58df6203020
                                            • Opcode Fuzzy Hash: 6e649662780a3af17f838e288bea4e27905cf2cec2d49001a490b4225a6890df
                                            • Instruction Fuzzy Hash: 8DB16D31610608CFD719CF28C496B657BE0FF49364F299659E89ACF3A1C339E992CB44
                                            Function 00425845 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                            Download Yara Rule
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0042585B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FeaturePresentProcessor
                                            • String ID:
                                            • API String ID: 2325560087-0
                                            • Opcode ID: a922d18238b6887ff41489d84f11fd925fe743140e25d338ba365e1dc67a5c98
                                            • Instruction ID: 2dcea7eb3f4219241086307f8de7357b35c61acbe6daa653289a9727ab7ffc44
                                            • Opcode Fuzzy Hash: a922d18238b6887ff41489d84f11fd925fe743140e25d338ba365e1dc67a5c98
                                            • Instruction Fuzzy Hash: 27518BB1A116258BEB28CF59E8827ABBBF0FB49310F14892AC405EB350D379DD40DF58
                                            Function 00432277 Relevance: .0, Instructions: 35COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.1740948671.0000000000432000.00000040.00000001.01000000.00000003.sdmp, Offset: 00432000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_432000_UGcjMkPWwW.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                            • Instruction ID: 51dccf1c194d7b069ec4781486d2ceab18fb31f6958312bee16b600ab04a859d
                                            • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                            • Instruction Fuzzy Hash: 3DF06D79A00210CF8B24CF49DA48C97B7F6FB89720B6555E6E4049B321D3F8ED45CBA5
                                            Function 00432277 Relevance: .0, Instructions: 35COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                            • Instruction ID: 51dccf1c194d7b069ec4781486d2ceab18fb31f6958312bee16b600ab04a859d
                                            • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                            • Instruction Fuzzy Hash: 3DF06D79A00210CF8B24CF49DA48C97B7F6FB89720B6555E6E4049B321D3F8ED45CBA5
                                            Function 004272D1 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 303COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 160 4272d1-4272fc call 427e99 163 427302-427305 160->163 164 427670-427675 call 4291a7 160->164 163->164 166 42730b-427314 163->166 168 427411-427417 166->168 169 42731a-42731e 166->169 170 42741f-42742d 168->170 169->168 171 427324-42732b 169->171 172 427433-427437 170->172 173 4275d9-4275dc 170->173 174 427343-427348 171->174 175 42732d-427334 171->175 172->173 179 42743d-427444 172->179 176 4275de-4275e1 173->176 177 4275ff-427608 call 426913 173->177 174->168 178 42734e-427356 call 426913 174->178 175->174 180 427336-42733d 175->180 176->164 181 4275e7-4275fc call 427676 176->181 177->164 193 42760a-42760e 177->193 178->193 194 42735c-427375 call 426913 * 2 178->194 183 427446-42744d 179->183 184 42745c-427462 179->184 180->168 180->174 181->177 183->184 188 42744f-427456 183->188 189 427468-42748f call 426cc4 184->189 190 427579-42757d 184->190 188->173 188->184 189->190 206 427495-427498 189->206 196 427589-427595 190->196 197 42757f-427588 call 4265a0 190->197 194->164 219 42737b-427381 194->219 196->177 198 427597-4275a1 196->198 197->196 203 4275a3-4275a5 198->203 204 4275af-4275b1 198->204 203->177 207 4275a7-4275ab 203->207 208 4275b3-4275c6 call 426913 * 2 204->208 209 4275c8-4275d5 call 427d59 204->209 211 42749b-4274b0 206->211 207->177 212 4275ad 207->212 238 42760f call 4290eb 208->238 227 4275d7 209->227 228 427634-427649 call 426913 * 2 209->228 215 4274b6-4274b9 211->215 216 42755a-42756d 211->216 212->208 215->216 221 4274bf-4274c7 215->221 216->211 220 427573-427576 216->220 224 427383-427387 219->224 225 4273ad-4273b5 call 426913 219->225 220->190 221->216 226 4274cd-4274e1 221->226 224->225 232 427389-427390 224->232 242 4273b7-4273d7 call 426913 * 2 call 427d59 225->242 243 427419-42741c 225->243 233 4274e4-4274f5 226->233 227->177 256 42764b 228->256 257 42764e-42766b call 426eb7 call 427c59 call 427e16 call 427bd0 228->257 239 427392-427399 232->239 240 4273a4-4273a7 232->240 234 4274f7-427508 call 4277ac 233->234 235 42751b-427528 233->235 253 42750a-427513 234->253 254 42752c-427554 call 427251 234->254 235->233 245 42752a 235->245 252 427614-42762f call 4265a0 call 427960 call 427f46 238->252 239->240 247 42739b-4273a2 239->247 240->164 240->225 242->243 274 4273d9-4273de 242->274 243->170 251 427557 245->251 247->225 247->240 251->216 252->228 253->234 259 427515-427518 253->259 254->251 256->257 257->164 259->235 274->238 276 4273e4-4273f7 call 4279b5 274->276 276->252 281 4273fd-427409 276->281 281->238 282 42740f 281->282 282->276
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 004273F0
                                            • ___TypeMatch.LIBVCRUNTIME ref: 004274FE
                                            • CatchIt.LIBVCRUNTIME ref: 0042754F
                                            • _UnwindNestedFrames.LIBCMT ref: 00427650
                                            • CallUnexpected.LIBVCRUNTIME ref: 0042766B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm$lmD
                                            • API String ID: 4119006552-827323207
                                            • Opcode ID: c899ba6b0d738f2517bab08d06f3900dbdfe424a19a2c780e06e3e91c03e1b23
                                            • Instruction ID: 42c92b99c1a643d3c6d44ac7a2922c8e103c21cb66584a050499088af8400460
                                            • Opcode Fuzzy Hash: c899ba6b0d738f2517bab08d06f3900dbdfe424a19a2c780e06e3e91c03e1b23
                                            • Instruction Fuzzy Hash: ECB19F71A04229EFCF24DFA5E8419AEBB75FF04314B94459BE8006B302D739DA51CF99
                                            Function 004263D0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 283 4263d0-426421 call 431400 call 426390 call 4268c7 290 426423-426435 283->290 291 42647d-426480 283->291 292 4264a0-4264a9 290->292 293 426437-42644e 290->293 291->292 294 426482-42648f call 4268b0 291->294 295 426450-42645e call 426850 293->295 296 426464 293->296 300 426494-42649d call 426390 294->300 305 426460 295->305 306 426474-42647b 295->306 299 426467-42646c 296->299 299->293 302 42646e-426470 299->302 300->292 302->292 307 426472 302->307 308 426462 305->308 309 4264aa-4264b3 305->309 306->300 307->300 308->299 310 4264b5-4264bc 309->310 311 4264ed-4264fd call 426890 309->311 310->311 312 4264be-4264cd call 4311e0 310->312 316 426511-42652d call 426390 call 426870 311->316 317 4264ff-42650e call 4268b0 311->317 321 4264ea 312->321 322 4264cf-4264e7 312->322 317->316 321->311 322->321
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 00426407
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0042640F
                                            • _ValidateLocalCookies.LIBCMT ref: 00426498
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 004264C3
                                            • _ValidateLocalCookies.LIBCMT ref: 00426518
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm$eUB
                                            • API String ID: 1170836740-2481692299
                                            • Opcode ID: 74915bb8a68f282e7ffd95cbd81a69712ea3092acfb389c882bf03107c2d9937
                                            • Instruction ID: cbd224f3955dfe1ff9b6cf5edf2743e978bc78bda04d7a4e03515c55052f784d
                                            • Opcode Fuzzy Hash: 74915bb8a68f282e7ffd95cbd81a69712ea3092acfb389c882bf03107c2d9937
                                            • Instruction Fuzzy Hash: 5641D734B002649BCF10EF69D841A9E7BB4BF05318F95809BE8145B352D779EE05CB98
                                            Function 00428990 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 329 428990-4289cd GetModuleHandleExW 330 4289f0-4289f4 329->330 331 4289cf-4289e1 GetProcAddress 329->331 333 4289f6-4289f9 FreeLibrary 330->333 334 4289ff-428a0c 330->334 331->330 332 4289e3-4289ee 331->332 332->330 333->334
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,AE31545A,?,?,00000000,004314CF,000000FF,?,0042896C,00428A50,?,00428940,00000000), ref: 004289C5
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004289D7
                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,004314CF,000000FF,?,0042896C,00428A50,?,00428940,00000000), ref: 004289F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$eUB$mscoree.dll
                                            • API String ID: 4061214504-1419635457
                                            • Opcode ID: 029d5685d3954f57eac01f59dc558c51f75b40cd36c83bcdcb9b9ec749be6049
                                            • Instruction ID: 28ef91845ba615b6821bcf1f0dff294df6d1a62ebeca2698181fa43b94decb8d
                                            • Opcode Fuzzy Hash: 029d5685d3954f57eac01f59dc558c51f75b40cd36c83bcdcb9b9ec749be6049
                                            • Instruction Fuzzy Hash: 1801A776A50625AFDB258F40DD05BAF7BF9FB04710F40062AF911A2290DFB89940CB48
                                            Function 00426921 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 336 426921-426928 337 42692a-42692c 336->337 338 42692d-426948 GetLastError call 426c04 336->338 341 426961-426963 338->341 342 42694a-42694c 338->342 343 4269a7-4269b2 SetLastError 341->343 342->343 344 42694e-42695f call 426c3f 342->344 344->341 347 426965-426975 call 4291eb 344->347 350 426977-426987 call 426c3f 347->350 351 426989-426999 call 426c3f 347->351 350->351 357 42699b-42699d 350->357 356 42699f-4269a6 call 429127 351->356 356->343 357->356
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00426918,0042674C,0042578C), ref: 0042692F
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0042693D
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00426956
                                            • SetLastError.KERNEL32(00000000,00426918,0042674C,0042578C), ref: 004269A8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: d029989aa53804120328c31175eda8f23931a7bc88744946d9017036b4507509
                                            • Instruction ID: 56b5dd0bef56fe4180834679e993d1ca8bec630c66bf609ed1d707c677ae55de
                                            • Opcode Fuzzy Hash: d029989aa53804120328c31175eda8f23931a7bc88744946d9017036b4507509
                                            • Instruction Fuzzy Hash: CE01D8B77093325EAA282B7ABC9562766A4DB06778761023FF120451E0EF6D4C51E14C
                                            Function 0042707A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID: eUB
                                            • API String ID: 1740715915-3997391220
                                            • Opcode ID: 632423e69c114c35bb1f4a699fccf7858217b78447d18c7da5d2dc1338dff0e7
                                            • Instruction ID: f28080893e5777fedc371b4c931780b0fb60f5d99e3e5f5d80e6dfac6ae781a5
                                            • Opcode Fuzzy Hash: 632423e69c114c35bb1f4a699fccf7858217b78447d18c7da5d2dc1338dff0e7
                                            • Instruction Fuzzy Hash: 7E51CF71709622AFEB288F51F841B7B77A5EF40304F94452FE801473A1E739ACA4C7A8
                                            Function 0042A6EB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Strings
                                            • C:\Users\user\Desktop\UGcjMkPWwW.exe, xrefs: 0042A707
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: C:\Users\user\Desktop\UGcjMkPWwW.exe
                                            • API String ID: 0-3717239802
                                            • Opcode ID: aa35fc46445b2cbf1722f12c737f62f15449847a2fdd5f02eaec3c81865b653b
                                            • Instruction ID: 9a5f2fff47c571f02d64de571845fab174efbf07e347b44596d07a3f04ba9351
                                            • Opcode Fuzzy Hash: aa35fc46445b2cbf1722f12c737f62f15449847a2fdd5f02eaec3c81865b653b
                                            • Instruction Fuzzy Hash: 3B219535700625BFDB10AF62EC8092B77B8AF80369B90452BFD15D7251D738EC2097AE
                                            Function 00427676 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • EncodePointer.KERNEL32(00000000,?), ref: 0042769B
                                            • CatchIt.LIBVCRUNTIME ref: 00427781
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CatchEncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 1435073870-2084237596
                                            • Opcode ID: 31e887f66186c2f0197da911b521aaeb19d1b825478213455f43e1c3360e8274
                                            • Instruction ID: 8e8a16073f02f2d35a0acf408d1116429337cbafd957c9d609090b98aabe8d57
                                            • Opcode Fuzzy Hash: 31e887f66186c2f0197da911b521aaeb19d1b825478213455f43e1c3360e8274
                                            • Instruction Fuzzy Hash: 02419C71A00119AFDF15DF98ED81EEE7BB5FF48304F64809AF904A7211D339A950DB58
                                            Function 00426B43 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00426AF4,00000000,?,00449C78,?,?,?,00426C97,00000004,InitializeCriticalSectionEx,00442CC0,InitializeCriticalSectionEx), ref: 00426B50
                                            • GetLastError.KERNEL32(?,00426AF4,00000000,?,00449C78,?,?,?,00426C97,00000004,InitializeCriticalSectionEx,00442CC0,InitializeCriticalSectionEx,00000000,?,00426A17), ref: 00426B5A
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00426B82
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID: api-ms-
                                            • API String ID: 3177248105-2084034818
                                            • Opcode ID: 04d1a227f8592f0f36f58b166f6e8ea8f273836b90f847e668ea6642503f347e
                                            • Instruction ID: d8b2cf26f80f7b18f511fb70c89a3b3d198aab723c8060b7f01e79de32ddc76d
                                            • Opcode Fuzzy Hash: 04d1a227f8592f0f36f58b166f6e8ea8f273836b90f847e668ea6642503f347e
                                            • Instruction Fuzzy Hash: 53E04F30780214FBEF201BA1FD06F5A3EA5AF11B55FA04031FA0DE91E1DBA6E950C95D
                                            Function 0042DF81 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(AE31545A,00000000,00000000,?), ref: 0042DFE4
                                              • Part of subcall function 0042B2B9: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0042DC5F,?,00000000,-00000008), ref: 0042B31A
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0042E236
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0042E27C
                                            • GetLastError.KERNEL32 ref: 0042E31F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                            • String ID:
                                            • API String ID: 2112829910-0
                                            • Opcode ID: 7c78c18f2f6d27d93736e830757c9050804cdca91c7b0fa199330a3b779d4dc9
                                            • Instruction ID: 397b5744dc7c01f9b81ba8a0b7f648e55679691bae4bc1c5111e6adcb4fb97c4
                                            • Opcode Fuzzy Hash: 7c78c18f2f6d27d93736e830757c9050804cdca91c7b0fa199330a3b779d4dc9
                                            • Instruction Fuzzy Hash: DDD1AF75E00268DFCB15CFA9E8809EEBBB4FF09304F58416AE956EB351D634AD02CB54
                                            Function 00429F05 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 0042B2B9: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0042DC5F,?,00000000,-00000008), ref: 0042B31A
                                            • GetLastError.KERNEL32 ref: 00429F69
                                            • __dosmaperr.LIBCMT ref: 00429F70
                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00429FAA
                                            • __dosmaperr.LIBCMT ref: 00429FB1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1913693674-0
                                            • Opcode ID: 082dc66e4fbf717edbe3b8d6a88fe0012bc2c8d417f8efd6154159dfc7aafffc
                                            • Instruction ID: 9cd7c7b3116b686667c183bae5f9e1aa89debd366cfd8112480beadb1d04cde6
                                            • Opcode Fuzzy Hash: 082dc66e4fbf717edbe3b8d6a88fe0012bc2c8d417f8efd6154159dfc7aafffc
                                            • Instruction Fuzzy Hash: CD21C831704635AFDB50AF62E98096BB7A9EF00368F81852FF919D7200D738EC508759
                                            Function 0042B35C Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 0042B364
                                              • Part of subcall function 0042B2B9: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0042DC5F,?,00000000,-00000008), ref: 0042B31A
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0042B39C
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0042B3BC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 158306478-0
                                            • Opcode ID: 66ad459253cfc935fcf3dd62c29a64a44d8f69eae4986219932ecdd20693aa94
                                            • Instruction ID: d0abd4c918b4875348a2a3da25587772f2f57c447c300400ad91dc4316027fd6
                                            • Opcode Fuzzy Hash: 66ad459253cfc935fcf3dd62c29a64a44d8f69eae4986219932ecdd20693aa94
                                            • Instruction Fuzzy Hash: 5111A1B6705635BF6611A7727CCDD7F6A6CCE453A8791002AF901A1201EFA8DD0182F9
                                            Function 0042F756 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0042EF14,00000000,00000001,00000000,?,?,0042E373,?,00000000,00000000), ref: 0042F76D
                                            • GetLastError.KERNEL32(?,0042EF14,00000000,00000001,00000000,?,?,0042E373,?,00000000,00000000,?,?,?,0042E916,00000000), ref: 0042F779
                                              • Part of subcall function 0042F73F: CloseHandle.KERNEL32(FFFFFFFE,0042F789,?,0042EF14,00000000,00000001,00000000,?,?,0042E373,?,00000000,00000000,?,?), ref: 0042F74F
                                            • ___initconout.LIBCMT ref: 0042F789
                                              • Part of subcall function 0042F701: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0042F730,0042EF01,?,?,0042E373,?,00000000,00000000,?), ref: 0042F714
                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0042EF14,00000000,00000001,00000000,?,?,0042E373,?,00000000,00000000,?), ref: 0042F79E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: 159a020eca81b7e527a1eb7b2f18453f01339d408ffdf505323da284aeb4e3f4
                                            • Instruction ID: e7c4429fde62967a16863e015506391a56bad62625ccec9f9240a8f05a8a0e82
                                            • Opcode Fuzzy Hash: 159a020eca81b7e527a1eb7b2f18453f01339d408ffdf505323da284aeb4e3f4
                                            • Instruction Fuzzy Hash: A2F0C73A511129BBCF122FD6EC04E9B3F76FF463A1B954435FA1895230C6728C24DB98
                                            Function 004302B3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                            Download Yara Rule
                                            APIs
                                            • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042FC1F), ref: 004302CC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: DecodePointer
                                            • String ID: eUB$tcD
                                            • API String ID: 3527080286-2036034393
                                            • Opcode ID: 5f4e5c8b7e88d1cc567b515e22c0d42db2be24567f4fd25027bdae07b30c8691
                                            • Instruction ID: 1109ff3070e9ab034d1f99b9461635cd92766f9374cd271834475795bb9484a6
                                            • Opcode Fuzzy Hash: 5f4e5c8b7e88d1cc567b515e22c0d42db2be24567f4fd25027bdae07b30c8691
                                            • Instruction Fuzzy Hash: 6F51BF7090060ACBDF108F58E86C1AEBB70FF0E300F515257D981A7264CB7C8A65CB5E
                                            Function 00427F46 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • RaiseException.KERNEL32(E06D7363,00000001,00000003,00000004,?,?,00000000,00000000,00000004,00427670,00000000), ref: 00427FA6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID: eUB$pvB
                                            • API String ID: 3997070919-2693038244
                                            • Opcode ID: 1e4afb778578ad3913132c06e46d8728d4392a6842548b4f9d073f500c4dc1fe
                                            • Instruction ID: 2796cc4bab5a1890bdbccac4bcd3f6d5321af1687e4df1d58257056d58e9a9c1
                                            • Opcode Fuzzy Hash: 1e4afb778578ad3913132c06e46d8728d4392a6842548b4f9d073f500c4dc1fe
                                            • Instruction Fuzzy Hash: 8F01A776B04218ABCB059F59DA40B9EBBB9FF48704F55405AE9059B3A0D774DD00CBD0
                                            Function 0042C3F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 0042C434
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpin
                                            • String ID: InitializeCriticalSectionEx$eUB
                                            • API String ID: 2593887523-3452185082
                                            • Opcode ID: 3718dd1ee9f2642713c8738bb8712c0e22e7195d3b4ae32ffbd86dc565bc3811
                                            • Instruction ID: f9a2d2a80f7e2f66783eb26b027e1c9071712ea0d40ba1bb39305f81837caad6
                                            • Opcode Fuzzy Hash: 3718dd1ee9f2642713c8738bb8712c0e22e7195d3b4ae32ffbd86dc565bc3811
                                            • Instruction Fuzzy Hash: DBE09235680228B7DF212F81ED06F9F7F12EB54B61B908022FE1916160CAB54920E7D8
                                            Function 0042C2F5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1744147121.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                            • Associated: 00000000.00000002.1744136478.00000000003D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744181306.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744193812.0000000000442000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744205124.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1744217355.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3d0000_UGcjMkPWwW.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Alloc
                                            • String ID: FlsAlloc$eUB
                                            • API String ID: 2773662609-4175585831
                                            • Opcode ID: 0b5146336f4cacc3e6d64e048c7cbdf8463e2b4b43b6eaefa384f518ba9f0be9
                                            • Instruction ID: b9d0f37efbb107baf2aa6f6089a30300c236fca2691ab903e8f09426f1877535
                                            • Opcode Fuzzy Hash: 0b5146336f4cacc3e6d64e048c7cbdf8463e2b4b43b6eaefa384f518ba9f0be9
                                            • Instruction Fuzzy Hash: E6E0C23ABC0338B39A2023916E0AB9E7D44CBD9B60BD00033FF05662519EE90D1182DE

                                            Executed Functions

                                            Function 00AF02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00AF0326
                                              • Part of subcall function 00AF00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 00AF00CD
                                              • Part of subcall function 00AF00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00AF0279
                                            • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00AF0378
                                            • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 00AF03E7
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00AF0407
                                            • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 00AF042E
                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00AF0456
                                            • CloseHandle.KERNELBASE(?), ref: 00AF0471
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000003.1743747061.0000000000AF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_3_af0000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                            • String ID: ,
                                            • API String ID: 3867569247-3772416878
                                            • Opcode ID: 34919759cab89c45596a3336aca0d90db3a2564f30e7825e5c793611e7351f71
                                            • Instruction ID: 8542271ced93e057b65a52cb377c174c8eaaa89f2b41a4a7f862530d66377e1c
                                            • Opcode Fuzzy Hash: 34919759cab89c45596a3336aca0d90db3a2564f30e7825e5c793611e7351f71
                                            • Instruction Fuzzy Hash: 8A610DB5900209EFDB20DFA5C984EEEBBB9FF08355F148529FA59A7241D730E940CB60
                                            Function 00AF00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 00AF00CD
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00AF0279
                                            Memory Dump Source
                                            • Source File: 00000001.00000003.1743747061.0000000000AF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_3_af0000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                            • Instruction ID: 5ae9d0a91a08e571b56469c844824b11357c7538125900eb9c4738f692f790c5
                                            • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                            • Instruction Fuzzy Hash: 1A718A71A0424ADFDB41CF98C985BEDBBF0AB19314F244095E665FB242C334AA91DF64

                                            Execution Graph

                                            Execution Coverage:34.5%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:71.4%
                                            Total number of Nodes:28
                                            Total number of Limit Nodes:0
                                            execution_graph 412 251d30919a0 413 251d30919b3 412->413 414 251d30919d2 VirtualFree 413->414 415 251d30919e7 413->415 414->415 416 251d3091cd0 418 251d3091cf5 416->418 417 251d3091f7d 418->417 427 251d30915ac 418->427 420 251d3091f74 CloseHandle 420->417 421 251d3091f64 NtAcceptConnectPort 421->420 422 251d3091e16 422->420 422->421 424 251d3091ea9 422->424 430 251d3090ac8 422->430 424->424 436 251d3091a90 NtAcceptConnectPort 424->436 428 251d30915e0 NtAcceptConnectPort 427->428 428->422 431 251d3090c4b 430->431 432 251d3090ae8 430->432 431->424 432->431 433 251d3090bd1 NtAcceptConnectPort 432->433 433->431 434 251d3090c04 433->434 434->431 435 251d3090c1c NtAcceptConnectPort 434->435 435->431 437 251d3091ae3 436->437 441 251d3091bf0 436->441 442 251d309185c 437->442 439 251d3091afc 440 251d3091ba2 NtAcceptConnectPort 439->440 440->441 441->421 444 251d3091875 442->444 443 251d3091935 443->439 444->443 445 251d309191c GetProcessMitigationPolicy 444->445 445->443

                                            Callgraph

                                            Executed Functions

                                            Function 00007DF40154B498 Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 544nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort$DuplicateHandlecalloc
                                            • String ID: ,$H$H
                                            • API String ID: 2577638757-438696205
                                            • Opcode ID: 9fb62eb4d8959293fc2d40b19de36242d3d29fe68d1ba52932dcd9bec1ad6912
                                            • Instruction ID: fe1d2aaf624d3f916c827d0e42b60fda91d129a6964930caacbb8d4a3476f17d
                                            • Opcode Fuzzy Hash: 9fb62eb4d8959293fc2d40b19de36242d3d29fe68d1ba52932dcd9bec1ad6912
                                            • Instruction Fuzzy Hash: D302B63061CA989FE768DF58D8856AAB3E0FBD8305F10453ED58FD32A4DA74E5418B82
                                            Function 00007DF40154BCC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 156nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort$free
                                            • String ID: $0$@
                                            • API String ID: 2328307678-2347541974
                                            • Opcode ID: d8fdb236a247b9205c502de8d0d979f89367b2180e7993cbf521bb03780d7e1e
                                            • Instruction ID: c213447563354f977a2d819e0af72cddb9327ba73a9f1a51eae49336d58fd604
                                            • Opcode Fuzzy Hash: d8fdb236a247b9205c502de8d0d979f89367b2180e7993cbf521bb03780d7e1e
                                            • Instruction Fuzzy Hash: 6651913052C7989FE768DF28D4857AA77E0FBC9304F10452EE58EC6255DB74E4858B83
                                            Function 00007DF40154BE6C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPortcalloc
                                            • String ID: $0$@
                                            • API String ID: 2195583734-2347541974
                                            • Opcode ID: e038bc6975502a75aa15522c9d2aad796b46013016ac9629b0cf3dc02c1d6b17
                                            • Instruction ID: cc0a70444962959a889a1e476339f43f4decef05f8b6c46bb5512655ebdb4325
                                            • Opcode Fuzzy Hash: e038bc6975502a75aa15522c9d2aad796b46013016ac9629b0cf3dc02c1d6b17
                                            • Instruction Fuzzy Hash: 1B51393060DB899FE764DF689484BABB7E4EBD8304F10492EE48EC7264EB75D4448B42
                                            Function 00000251D31030C7 Relevance: 7.9, APIs: 5, Instructions: 390nativememoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.1863513864.00000251D3100000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3100000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_251d3100000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort$FreeHeap
                                            • String ID:
                                            • API String ID: 2519882481-0
                                            • Opcode ID: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
                                            • Instruction ID: 0a80a119d72a29b6e99fbcb0e0e143e0b5d7fbe4979e3f6201f0b0c3e15f97d8
                                            • Opcode Fuzzy Hash: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
                                            • Instruction Fuzzy Hash: 35C17730218F198FDB68EF18D489B69B7F1FB98311F004A5EE48AC7256DB34E855C785
                                            Function 00007DF401541B18 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                            • String ID:
                                            • API String ID: 2502124517-0
                                            • Opcode ID: 584620923d8bee05c4cd2b55fbc688861300e251001a2660cae9de72a1f183dd
                                            • Instruction ID: 0e05f1c5d55cf197bb3a57d6c20ea3f8321c081e39d8bb1db0a9ea4ff9119c3a
                                            • Opcode Fuzzy Hash: 584620923d8bee05c4cd2b55fbc688861300e251001a2660cae9de72a1f183dd
                                            • Instruction Fuzzy Hash: E0319370608A488FE794DF28D8D875A77F1FB94314F10462AD05BC71E4DF78D8858B81
                                            Function 00007DF40154C7CC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 82COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: d4dd2c9ec2e40b847152b417cb6d645fdeafd31ca8a11a7a04321dd5438b40c0
                                            • Instruction ID: d9dfb4c577e226ed1c7cfff61b9e7e05f76f438294cab3f493f0f89ac4c7569c
                                            • Opcode Fuzzy Hash: d4dd2c9ec2e40b847152b417cb6d645fdeafd31ca8a11a7a04321dd5438b40c0
                                            • Instruction Fuzzy Hash: EA21D131B0DA989FF754DF68888476A72E1FBC8329F50053FE44AD72A4D638A8848741
                                            Function 00007DF40154C70C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: 47ebd45c6b9b16ee77b28bcb10b07460bf5cba96d3288197dd2caf634787b8b3
                                            • Instruction ID: 903ce8b6164edacbfdfd80b8d64c92429498e352d3cd656fcb93743660253014
                                            • Opcode Fuzzy Hash: 47ebd45c6b9b16ee77b28bcb10b07460bf5cba96d3288197dd2caf634787b8b3
                                            • Instruction Fuzzy Hash: 6A21C031B0D9985FF750DE98888866B72F0EBD8309F60053FE50ED7264D738A9848781
                                            Function 00007DF401522634 Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: CloseHandleSuspendThread
                                            • String ID:
                                            • API String ID: 1038686644-0
                                            • Opcode ID: ee8ed1484b309d5b480d9ed41d064abcb8b4e034361352156597246fbc6f772d
                                            • Instruction ID: f64a02280bb4759af45628a893726e857dc9e1c1c745d9c2f50662b6f6453a7c
                                            • Opcode Fuzzy Hash: ee8ed1484b309d5b480d9ed41d064abcb8b4e034361352156597246fbc6f772d
                                            • Instruction Fuzzy Hash: BF91E636A0C6555BFB689B18C89517A73F1FF86310F18417EE04FDB5A9CA78E842CB81
                                            Function 00000251D3091CD0 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptCloseConnectHandlePort
                                            • String ID:
                                            • API String ID: 3811980168-0
                                            • Opcode ID: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
                                            • Instruction ID: fd970a71fce9f8b7fc077457e626cea0c20dcd64fae316e11db11941cf23f752
                                            • Opcode Fuzzy Hash: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
                                            • Instruction Fuzzy Hash: 7191F830619E088FDB69EF1CC8857E573F0FB88311F18465EE49BC3296DA34A952CB95
                                            Function 00007DF4015222DC Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AllocInfoSystemVirtual
                                            • String ID:
                                            • API String ID: 3440192736-0
                                            • Opcode ID: 10974d638571623cb466fc5259723849182c6a649d453933aa228a33d07da908
                                            • Instruction ID: a891658c94f7e12533f093b819222b27fee7c8f7b80c90d1233754478658b840
                                            • Opcode Fuzzy Hash: 10974d638571623cb466fc5259723849182c6a649d453933aa228a33d07da908
                                            • Instruction Fuzzy Hash: 3851D53261CE5D4FF755EA6C944877A72E1FBE9300F14013AD44ED71A9EA78E88187C1
                                            Function 00000251D3090AC8 Relevance: 3.2, APIs: 2, Instructions: 173nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
                                            • Instruction ID: e9c0014af654e59df3f4ad61fe057e6a4cb659c87e4ea3675e7aa0d25e0232aa
                                            • Opcode Fuzzy Hash: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
                                            • Instruction Fuzzy Hash: 5B416F34A28E140AEB28E72C8C9A73977E2F7C530AF34855EE0E6C2192D539C5438755
                                            Function 00000251D3091A90 Relevance: 3.2, APIs: 2, Instructions: 150nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort$MitigationPolicyProcess
                                            • String ID:
                                            • API String ID: 2923266908-0
                                            • Opcode ID: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
                                            • Instruction ID: 992ab11a7e6fb02eafd2740d6736b35826d2395a6c3d76d19336f5eb773c9331
                                            • Opcode Fuzzy Hash: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
                                            • Instruction Fuzzy Hash: 3B41CF30218F488FDB48DF2C98897967BD1EB59320F0443AEE85ACB2D7DA34D915C795
                                            Function 00007DF401574088 Relevance: 3.1, APIs: 2, Instructions: 93networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4015741A9), ref: 00007DF4015740B5
                                              • Part of subcall function 00007DF401573C98: ioctlsocket.WS2_32 ref: 00007DF401573CC4
                                            • bind.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4015741A9), ref: 00007DF40157413A
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: bindioctlsocketsocket
                                            • String ID:
                                            • API String ID: 3555158474-0
                                            • Opcode ID: 1cbeedcb49cdd83f56073e3a9aa9cf65c2d138516cd5c7d59cce1983b39e0131
                                            • Instruction ID: 9d515b3d4cd54ac23dc40b7dafdc6dd3692b0535b325da26656e76e9f4a982c2
                                            • Opcode Fuzzy Hash: 1cbeedcb49cdd83f56073e3a9aa9cf65c2d138516cd5c7d59cce1983b39e0131
                                            • Instruction Fuzzy Hash: 7221EC307189444FFB48AF34F88EA6633E1EB95325F10067AD82FDB2E9EE249C014651
                                            Function 00007DF40154D2F4 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 98531d878e0ad7d3d6690ce9736b63ba0a61470b6d8d195234036ffb9fe9491b
                                            • Instruction ID: 95cc187c82cfb1cb87771099ba14c09fc47a00788a0d2c3c985d35e4f3ab924a
                                            • Opcode Fuzzy Hash: 98531d878e0ad7d3d6690ce9736b63ba0a61470b6d8d195234036ffb9fe9491b
                                            • Instruction Fuzzy Hash: 7C214F3051CA488FEB49EB58D888B6673F1FBAC345F00452AE44AC72B4DBB4E984CB41
                                            Function 00007DF40154D3C0 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 9166209b5f367574360b80d64ced2ea26e8fa752ef609ccd6263efb912702e76
                                            • Instruction ID: ea8668ac63a458f319090d380498ebce4367c1f0d509eed116f6e9b58125b68f
                                            • Opcode Fuzzy Hash: 9166209b5f367574360b80d64ced2ea26e8fa752ef609ccd6263efb912702e76
                                            • Instruction Fuzzy Hash: A021623060CA588FEB54EF58D848BA673F1FBE9345F00052EE44AC72A0DBB4E884CB41
                                            Function 00007DF40154C47C Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 1a40425d81a0dda3cd82788b19327da5a379df3b5c3bd351d49e58af76a5eeec
                                            • Instruction ID: eedbfd8e295b0564d805468fe0cef401ebc7bb131eb016f3eaef672b40ca5517
                                            • Opcode Fuzzy Hash: 1a40425d81a0dda3cd82788b19327da5a379df3b5c3bd351d49e58af76a5eeec
                                            • Instruction Fuzzy Hash: 7B81A530A1DB999BF7649A5894446AFB3E0FFD4304F50853BE44FDB2A4DB78F8408681
                                            Function 00007DF401574520 Relevance: 1.7, APIs: 1, Instructions: 167networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Recv
                                            • String ID:
                                            • API String ID: 4192927123-0
                                            • Opcode ID: 7916fdf4d3e942b440d7f5c412e90116e139ebed5d60f444feec34680a904e5a
                                            • Instruction ID: f51eaca0710b37e023acc313cab9157df224d3b1be51bc42172b6b2b656b71f0
                                            • Opcode Fuzzy Hash: 7916fdf4d3e942b440d7f5c412e90116e139ebed5d60f444feec34680a904e5a
                                            • Instruction Fuzzy Hash: F5515670508A899FEBA4EF28D489B96B7F0FF94314F50066AD44BCB5A5DB39E840CB41
                                            Function 00007DF40154C10C Relevance: 1.6, APIs: 1, Instructions: 121nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 5c97c20283281d0f686864c64b2abe35391f7ab31688f0fa8af160c1736108da
                                            • Instruction ID: 97003f34cb9a6931a9f7bcbc3f75c6aabcf6edd75c88caa28cef6625be11e283
                                            • Opcode Fuzzy Hash: 5c97c20283281d0f686864c64b2abe35391f7ab31688f0fa8af160c1736108da
                                            • Instruction Fuzzy Hash: 11310A31B0DA586FFB185E189C8557A73E0EBC9319F20563FE94FD72A5DA28BC024681
                                            Function 00007DF401542258 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: CryptDataUnprotect
                                            • String ID:
                                            • API String ID: 834300711-0
                                            • Opcode ID: a07a12428c7964199d363ccabf4b149c9f1c56c6408fd6f078d364f4c66a6574
                                            • Instruction ID: 790687a9a07dd7ae2fe636b8a43343542f616a7f24253120463f9b4447dfb1e9
                                            • Opcode Fuzzy Hash: a07a12428c7964199d363ccabf4b149c9f1c56c6408fd6f078d364f4c66a6574
                                            • Instruction Fuzzy Hash: 6C31723071CA884FE758DB68D88966FB7F1EBD9341F40452DF48AC7265DA74D8418B42
                                            Function 00007DF40157B104 Relevance: 1.6, APIs: 1, Instructions: 340COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6300fb348d49a47f7ce5e25661db4a1277b3c7de01d4304b532d2da97ee81cb4
                                            • Instruction ID: 089e81f959564cc12d5f5ac6ddcd3f5e8915e2fa420ef684c0dc21139bf0482f
                                            • Opcode Fuzzy Hash: 6300fb348d49a47f7ce5e25661db4a1277b3c7de01d4304b532d2da97ee81cb4
                                            • Instruction Fuzzy Hash: 6BC1C330608A549FEB58DF18D886BA577E0FB88300F10067AE84FDF25AC734A851CB85
                                            Function 00000251D30915AC Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 115 251d30915ac-251d30915de 116 251d30915e0-251d30915e3 115->116 117 251d30915e5-251d30915e7 115->117 118 251d309160b-251d3091659 NtAcceptConnectPort 116->118 119 251d30915e9-251d30915f5 117->119 120 251d30915f7-251d30915f9 117->120 119->118 121 251d3091609 120->121 122 251d30915fb-251d3091607 120->122 121->118 122->118
                                            APIs
                                            • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000251D3091E16), ref: 00000251D3091640
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
                                            • Instruction ID: c599ee391b192d98ccb1eed31491221507a39036c5f6315ff0305f9558996aef
                                            • Opcode Fuzzy Hash: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
                                            • Instruction Fuzzy Hash: D7216D71A18B088FDB58DF58C8C966AB7F1FBAC306F080A2EE44AC7260D730D485CB41
                                            Function 00007DF40154AC0C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: d99824a7b56689602d55d9b975c23b4966fb1dfc1a28fa016acf5b8b83f0fdf8
                                            • Instruction ID: 18e923d41bcea4a5e6df50cdfab8a2f44946f9e1eaff056901926bab6a8824b1
                                            • Opcode Fuzzy Hash: d99824a7b56689602d55d9b975c23b4966fb1dfc1a28fa016acf5b8b83f0fdf8
                                            • Instruction Fuzzy Hash: B6F0623491C7C59FDBA1EB688480B9ABBF0BBAA354F544A1EE8CDC3211D73595848B43
                                            Function 00007DF40154ADD4 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: af3340e2b301fb20eba4bd36f70d30fdbe005acca17dd1e0c445e9428843075b
                                            • Instruction ID: 03469886acb13a008b41bf8176d743327802dfd911cb7d5ee8b9ba0fed2d6457
                                            • Opcode Fuzzy Hash: af3340e2b301fb20eba4bd36f70d30fdbe005acca17dd1e0c445e9428843075b
                                            • Instruction Fuzzy Hash: C3F0D074A1CB948FDBA4EF2CD4C5B5977E1FB98304F504519E44DC7255EB3498808B46
                                            Function 00007DF40154AF60 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,00000000,?,?,00000000,00007DF40153341C), ref: 00007DF40154AF8A
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 1d9a6f3c19fc3a1664a9a6811ff4ba6c27299ee4e4794d390710366357d59dbc
                                            • Instruction ID: e684f35452e50d542f73f7b6bb6871da43270947077ff05a816ea7fb26ea410f
                                            • Opcode Fuzzy Hash: 1d9a6f3c19fc3a1664a9a6811ff4ba6c27299ee4e4794d390710366357d59dbc
                                            • Instruction Fuzzy Hash: DEE09B756186449FDB04DF94C8C186AB3F4FBD9304F004D3AE85BCB174D274D598C682
                                            Function 00007DF40154ACE8 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: a9327488733b823840a3f29582a089392b2a1446868cb63a967a810240f58cb8
                                            • Instruction ID: 5311f369492c60de74b09d9abc99b8ea85d703af65b133deff7cd77aeb9615bd
                                            • Opcode Fuzzy Hash: a9327488733b823840a3f29582a089392b2a1446868cb63a967a810240f58cb8
                                            • Instruction Fuzzy Hash: ACD0A730DACB894BE650B728C80061637F1FBD430CFD44614D88EC7254D23CE4418386
                                            Function 00007DF40154AD14 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 4927af5c10e17f27f2edd3b7dd4d43612d79bd47543f67f71f12626d98bff908
                                            • Instruction ID: c284fc6a4e2fe6c10d744d29454a7d3ea04fd13aafe6d9854fde6bbae0255678
                                            • Opcode Fuzzy Hash: 4927af5c10e17f27f2edd3b7dd4d43612d79bd47543f67f71f12626d98bff908
                                            • Instruction Fuzzy Hash: 3ED0A730EACBC94BE650B728890020A37E2FBD530CFD04624D88ED3264D23CE4018382
                                            Function 00007DF40154AE5C Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: eb8f498348e5c7f372421b27a3827434041340d731fc3728b954386bc4ea4cc4
                                            • Instruction ID: b86432dbe3e9846520596e7eb3b4e32468c8861d4a89cd1ffddeadd281edb957
                                            • Opcode Fuzzy Hash: eb8f498348e5c7f372421b27a3827434041340d731fc3728b954386bc4ea4cc4
                                            • Instruction Fuzzy Hash: 2CD05E24A68A894FE6A0A728894020637E2FBD5308F914618E44EC3214D23CE41142C2
                                            Function 00007DF40154ACC8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 333093483b5b65ac6ab85e83ccc52a142bbc301cae1d85d61a22b47e66de8b6c
                                            • Instruction ID: cfce525f7365045e5e4de1d4b929964b7b5bef0686181688f85899926cecd239
                                            • Opcode Fuzzy Hash: 333093483b5b65ac6ab85e83ccc52a142bbc301cae1d85d61a22b47e66de8b6c
                                            • Instruction Fuzzy Hash: 01C08C20AAD84B2BF9D462B98C8164620A0AB8C308F820010F80BD7198E42CE4E09396
                                            Function 00007DF40154AF40 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 953671860da08bf31fab518e05a010f803d920f951da2702e38e3d0cf3acdea6
                                            • Instruction ID: ed37863eb589a709d67f297bbf14256aa53a149974381fa933357267a296eee6
                                            • Opcode Fuzzy Hash: 953671860da08bf31fab518e05a010f803d920f951da2702e38e3d0cf3acdea6
                                            • Instruction Fuzzy Hash: BEC08C04AA981BBBF98862AA6CC035920A0AB88308F800011E42FD75D4E42CE4D44392
                                            Function 00007DF4015365E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID: rE\
                                            • API String ID: 544645111-988334199
                                            • Opcode ID: dc7abe3753608a406b2e8c4677f2e3e348cb1d8b9abc271147da51083885c1c3
                                            • Instruction ID: 162c8b267a065f6c898cc127e69cd12ba2e6593dfc7626a012de6b3cd0fe70fc
                                            • Opcode Fuzzy Hash: dc7abe3753608a406b2e8c4677f2e3e348cb1d8b9abc271147da51083885c1c3
                                            • Instruction Fuzzy Hash: C921AF317089485BEB54E758A891AAB72E6FBD8700F00003AE44BD7299DE2CEE0587C2
                                            Function 00007DF401533178 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-3916222277
                                            • Opcode ID: 45ee73fde44b844a7982fd6fa2bb9a274e67d6e904138dbe31d6ae3e461be495
                                            • Instruction ID: 2a434c0d31b7979f3e548ef7fd6e534100c68c92857aa19b48335f40a9c73550
                                            • Opcode Fuzzy Hash: 45ee73fde44b844a7982fd6fa2bb9a274e67d6e904138dbe31d6ae3e461be495
                                            • Instruction Fuzzy Hash: 0D110631A0889A1BF795A718EC646B6B3F1FBC4310F944136E44BD71F5DA1CE852C781
                                            Function 00007DF401573C98 Relevance: 4.6, APIs: 3, Instructions: 117COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Completion$CreateFileModesNotificationPortioctlsocket
                                            • String ID:
                                            • API String ID: 1455841399-0
                                            • Opcode ID: b0ef64daf23010be4df91d754ff29401ba7eeb6e21b37df906d22bfb74ec9eab
                                            • Instruction ID: 7ac1873a8bdd6ed909c5c1cb1cc9b8296d000d41112ee8f41f1e2be8c899f82e
                                            • Opcode Fuzzy Hash: b0ef64daf23010be4df91d754ff29401ba7eeb6e21b37df906d22bfb74ec9eab
                                            • Instruction Fuzzy Hash: 5731DF3071C5945BFBE49B18F886A3732E5FF94364F50007AD40FEA1AADB29EC415686
                                            Function 00007DF401546654 Relevance: 4.6, APIs: 3, Instructions: 74COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: InitializeUninitializefree
                                            • String ID:
                                            • API String ID: 1169324116-0
                                            • Opcode ID: 300bfe15e1352cda4c3c9a5eb26de8ea91f06f6889c64728d4398b9a5c111e42
                                            • Instruction ID: e12b2e2752712b090372264fb79cd2a01e86855303aedfaa66b563e12047b817
                                            • Opcode Fuzzy Hash: 300bfe15e1352cda4c3c9a5eb26de8ea91f06f6889c64728d4398b9a5c111e42
                                            • Instruction Fuzzy Hash: 07215031609A099FEF84EF38D849AAA77E0FF94315F00462AE84FD3155DB38E941CB90
                                            Function 00007DF4015372D0 Relevance: 4.5, APIs: 3, Instructions: 746COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free$callocmalloc
                                            • String ID:
                                            • API String ID: 1437353635-0
                                            • Opcode ID: 6cebd9367394abf21773eb1584d65681aa51e4210b0eb886ea29ebe4f46530e1
                                            • Instruction ID: b9983ea441cb32485ed5d4cfdf9555d89b08f3671ed8df9e0bb4a666ee13329a
                                            • Opcode Fuzzy Hash: 6cebd9367394abf21773eb1584d65681aa51e4210b0eb886ea29ebe4f46530e1
                                            • Instruction Fuzzy Hash: 01426070918F489FEB95EF28D489AAAB7F1FB98300F10462AD04FD7265DF34A545CB81
                                            Function 00007DF401524BE4 Relevance: 3.9, APIs: 3, Instructions: 126COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc$free
                                            • String ID:
                                            • API String ID: 1480856625-0
                                            • Opcode ID: f833b09acc7dcda6218a08ced81fc052c99920b07a41f041528abf3627ace0e1
                                            • Instruction ID: 2eb038c03f9042a54e57b0f776997ed3cb0ad3f41026e246132b0ecd7a5c77bb
                                            • Opcode Fuzzy Hash: f833b09acc7dcda6218a08ced81fc052c99920b07a41f041528abf3627ace0e1
                                            • Instruction Fuzzy Hash: 85319532608A49ABF758EF58D849866B3F0FF95310B004226D81BDB5A5EF64F855C7C1
                                            Function 00000251D31033B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 344memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.1863513864.00000251D3100000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3100000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_251d3100000_OpenWith.jbxd
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: l
                                            • API String ID: 3298025750-2517025534
                                            • Opcode ID: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
                                            • Instruction ID: df9cb17b15b3300f57fcbf8a30ec2a68bba1f0e8d63a08b0f049752a618baeec
                                            • Opcode Fuzzy Hash: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
                                            • Instruction Fuzzy Hash: 6CA13B31728A690BD779AA2C8C897BDB7F1FB85301F10096EE4CBC3183DD34D9568685
                                            Function 00007DF4015395F8 Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                            • String ID:
                                            • API String ID: 2835849967-0
                                            • Opcode ID: d1b445dc56701135788b0dc920e68535db059dd4faca11d9a453a424e093dfee
                                            • Instruction ID: 1b043d68e9e2ecba8d03217eeec65d2d4e1cd05701c8bf0d5353303f738c156b
                                            • Opcode Fuzzy Hash: d1b445dc56701135788b0dc920e68535db059dd4faca11d9a453a424e093dfee
                                            • Instruction Fuzzy Hash: 2ED17F7191CB888BE765EF28D4856ABB7E1FB94300F00462EE48FD71A5DF74A5058B82
                                            Function 00007DF40154DDA4 Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: File$CreateReadmalloc
                                            • String ID:
                                            • API String ID: 3950102678-0
                                            • Opcode ID: b879bc7b5dc6143657be184a8553957d82cf9a437ba6bdf4bbb2c4680e42a6eb
                                            • Instruction ID: 759cc2956ae005c75d9504c9b243d9341c1d5d453ef02033bed440be22faa174
                                            • Opcode Fuzzy Hash: b879bc7b5dc6143657be184a8553957d82cf9a437ba6bdf4bbb2c4680e42a6eb
                                            • Instruction Fuzzy Hash: 8F71C530A0CB945FE7689F5898C576AB3F1FBD8304F50053FE49FD72A6DA38A8458642
                                            Function 00007DF401539478 Relevance: 3.2, APIs: 2, Instructions: 161fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: File$CreateRead
                                            • String ID:
                                            • API String ID: 3388366904-0
                                            • Opcode ID: 73db5555d885fd7ea61d85234132b183eb459049274d5711c35081ec0b7aef7a
                                            • Instruction ID: 7836d30be9cf56ac5cf63bcdf9065a50f591ae22c2face25b4a5d0aeb8b2b5b0
                                            • Opcode Fuzzy Hash: 73db5555d885fd7ea61d85234132b183eb459049274d5711c35081ec0b7aef7a
                                            • Instruction Fuzzy Hash: 7C41F07070C6884FEB58EF28988566A73E5FFD8705F10452EE88FD7294EE74D8418782
                                            Function 00007DF40154D974 Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: File$CreateRead
                                            • String ID:
                                            • API String ID: 3388366904-0
                                            • Opcode ID: 6dcf9cfff2eacf5cd94369649f002897bcffdea66228e64647734ab7a70026dd
                                            • Instruction ID: 03b74b06ad2f363a7de09389afba93c4bdc52567dbe3fa2307f1d10973bf1001
                                            • Opcode Fuzzy Hash: 6dcf9cfff2eacf5cd94369649f002897bcffdea66228e64647734ab7a70026dd
                                            • Instruction Fuzzy Hash: 0A21067070C7585FF3689E99A88627B73E4EBD9714F10013FE88FC2256DA74A8064686
                                            Function 00007DF401522980 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: e54d32ce24f4b710544f648fa16c64d8d7f0589b34fc61474f65512f49413183
                                            • Instruction ID: 5f90fd794049417b449e08db2d9df848aebfe5cb466e8f98014a6959430cd6ca
                                            • Opcode Fuzzy Hash: e54d32ce24f4b710544f648fa16c64d8d7f0589b34fc61474f65512f49413183
                                            • Instruction Fuzzy Hash: DE310B3170C6854BE7149F6CD8947663BD1FF9A310F1503A5E88EDB2D9CB98D842C341
                                            Function 00007DF401524774 Relevance: 2.7, APIs: 2, Instructions: 242COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc$free
                                            • String ID:
                                            • API String ID: 1480856625-0
                                            • Opcode ID: 352f2f2cecbb3e27f866ef48949e4e4dcfd5ee98b9eced5f0af6e5ea8a5601e0
                                            • Instruction ID: 341b471f4e95ad0fe9a015a6af3d3db7a82b569bfb5900130119e87cd145c96d
                                            • Opcode Fuzzy Hash: 352f2f2cecbb3e27f866ef48949e4e4dcfd5ee98b9eced5f0af6e5ea8a5601e0
                                            • Instruction Fuzzy Hash: A671C431A1C9885AF329A72898956EFB3E1FBD5340F00466FE08FC7197DD38A94586C6
                                            Function 00007DF40153CC5C Relevance: 2.6, APIs: 2, Instructions: 139COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc$AcceptConnectPortfree
                                            • String ID:
                                            • API String ID: 342249184-0
                                            • Opcode ID: 694a03a6a0a341675988201f7685504af8169e7f1b53cb1e5f9007a100a90dea
                                            • Instruction ID: f0e717beca0b23e38bb915654220535f3730869e3cf5d152a848ba0174c67b81
                                            • Opcode Fuzzy Hash: 694a03a6a0a341675988201f7685504af8169e7f1b53cb1e5f9007a100a90dea
                                            • Instruction Fuzzy Hash: ED415371508B4C8FEB54EF18D8856A677E1FF94311F00056BE84ECB265DB34E985CB81
                                            Function 00007DF40153CA08 Relevance: 2.6, APIs: 2, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPortcallocfree
                                            • String ID:
                                            • API String ID: 1866692179-0
                                            • Opcode ID: 1c81860f17a6367f43a2a94f10a5d32e0a9fa92ddff0a1d18b0803ced88c0a31
                                            • Instruction ID: e63c0a96736d8f6ab59355ccefe7c1aacdb55b7d38138b66482183d31fef98b1
                                            • Opcode Fuzzy Hash: 1c81860f17a6367f43a2a94f10a5d32e0a9fa92ddff0a1d18b0803ced88c0a31
                                            • Instruction Fuzzy Hash: 87F02831214D0C4FE748AB2C9C886B637E1EB94726754462BE00BD7264DD78DD418780
                                            Function 00007DF401546720 Relevance: 2.2, APIs: 1, Instructions: 947COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: calloc
                                            • String ID:
                                            • API String ID: 2635317215-0
                                            • Opcode ID: 4c67779dd63165b43659fab8fd510d9b574d13d676e16a29e3859926c8de3004
                                            • Instruction ID: 9beb2ebc0684322c49f3edc6b57fe902507db119cbcb268eed3b72e538a8f888
                                            • Opcode Fuzzy Hash: 4c67779dd63165b43659fab8fd510d9b574d13d676e16a29e3859926c8de3004
                                            • Instruction Fuzzy Hash: 1772843051CA889BE769EB18D485ADEB3E1FFD5300F50462EE48F971AADE34E4458782
                                            Function 00007DF40153913C Relevance: 1.8, APIs: 1, Instructions: 316COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: CreateFileMapping
                                            • String ID:
                                            • API String ID: 524692379-0
                                            • Opcode ID: 090a60165b6d81dbbef6ccd1718067ffa9bcceaffdfa6db13320491a5d5642c1
                                            • Instruction ID: 847e9b246410df0cc92975be91e5e43a7b1acd6842d05c8d8c3eab2fcfdeb26c
                                            • Opcode Fuzzy Hash: 090a60165b6d81dbbef6ccd1718067ffa9bcceaffdfa6db13320491a5d5642c1
                                            • Instruction Fuzzy Hash: 10A16F7160CA889FEB54EF18C4859ABB3F1FBA4300F404A2EE44FD71A5DE74A945CB81
                                            Function 00007DF401574D8C Relevance: 1.8, APIs: 1, Instructions: 281networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Recv
                                            • String ID:
                                            • API String ID: 4192927123-0
                                            • Opcode ID: 653fe3a6da9e8edf6d7f9aad963387fd79a7ca64ce6bed9a03fbf4fad2203229
                                            • Instruction ID: 7707fd494910fd40671a5e831cbbe1ff0cca94ea2b98749002c7276df2942604
                                            • Opcode Fuzzy Hash: 653fe3a6da9e8edf6d7f9aad963387fd79a7ca64ce6bed9a03fbf4fad2203229
                                            • Instruction Fuzzy Hash: 0FA12630A28A856FF794CF18A48ABA6B3F0FF95314F40052AD45FDA5E4E738F8518785
                                            Function 00007DF401545004 Relevance: 1.7, APIs: 1, Instructions: 245registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: e8d5d7329d2320a05d82013e26ca3d8c66ee9948d03da3e8e50157f1609a8dd5
                                            • Instruction ID: 55aab0f2937fa5bf3613ab2b96acfbc7ca635343d591e47527c589d39aa1b3bb
                                            • Opcode Fuzzy Hash: e8d5d7329d2320a05d82013e26ca3d8c66ee9948d03da3e8e50157f1609a8dd5
                                            • Instruction Fuzzy Hash: 1291BB3161DB889FE765EF24C489B9BB7E1FB98305F00492BE48AC7264DB34D544CB42
                                            Function 00007DF401574B28 Relevance: 1.7, APIs: 1, Instructions: 227networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: Send
                                            • String ID:
                                            • API String ID: 121738739-0
                                            • Opcode ID: d8e018eafecf73722f3cfd2108c578dd3fd3213e6426fbbfe5b50f999653df9c
                                            • Instruction ID: fc4dd19b30bc5c6fdbb02e7b81ab24af021aae55a67f0bb53856e6348d7b3a1b
                                            • Opcode Fuzzy Hash: d8e018eafecf73722f3cfd2108c578dd3fd3213e6426fbbfe5b50f999653df9c
                                            • Instruction Fuzzy Hash: 6F819070608A499FEB98DF28D485BA6B7F4FF94314F00426AD44ECB6A5DB35E840CB85
                                            Function 00007DF401535960 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: InformationVolume
                                            • String ID:
                                            • API String ID: 2039140958-0
                                            • Opcode ID: 458a1419ed12d8a3c2e86420f2914f8409b820493848f008ec8053e1bf8f0b77
                                            • Instruction ID: fd7b727252157bd5d4bcda6d39a2fcc12d154940227c4a5dc253c27337c63941
                                            • Opcode Fuzzy Hash: 458a1419ed12d8a3c2e86420f2914f8409b820493848f008ec8053e1bf8f0b77
                                            • Instruction Fuzzy Hash: 72618C3151CB889BE765EF64D885AEBB7E1FBD8300F400A2EE08BD7164DE34A505CB42
                                            Function 00007DF40154D6FC Relevance: 1.7, APIs: 1, Instructions: 176processCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: e9169745a3f5c8f3addee9eb58fc29d082d9d243fdbbd28d7b824531286ef21a
                                            • Instruction ID: 8ee396f65bd164369c25a8ebc25f72b4982e84ba2d945f7da15fcb0c43ddf437
                                            • Opcode Fuzzy Hash: e9169745a3f5c8f3addee9eb58fc29d082d9d243fdbbd28d7b824531286ef21a
                                            • Instruction Fuzzy Hash: 15512D3161C7985BF764DBA8D84976BB7F5FFE4314F00092EE48AD31A5DA78E8018B42
                                            Function 00007DF401548F84 Relevance: 1.7, APIs: 1, Instructions: 414COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 2b200ceb4e4cc9f035faf7b6c1b247c7413155f6bad845cc72cf0ce4a6dd00dc
                                            • Instruction ID: 0f52ac5390eb08cfd2c7e15416145f72ed4f67d40234183f884e9ea6e550fcad
                                            • Opcode Fuzzy Hash: 2b200ceb4e4cc9f035faf7b6c1b247c7413155f6bad845cc72cf0ce4a6dd00dc
                                            • Instruction Fuzzy Hash: 30D1803161CA885BFB65EB14D4966EF73E1FFD8344F00052FD44FDB1AADA38A9058682
                                            Function 00007DF401537B7C Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007DF4015365E0: VirtualProtect.KERNELBASE ref: 00007DF401536640
                                              • Part of subcall function 00007DF4015365E0: VirtualProtect.KERNELBASE ref: 00007DF401536669
                                              • Part of subcall function 00007DF4015365E0: VirtualProtect.KERNELBASE ref: 00007DF401536685
                                              • Part of subcall function 00007DF4015365E0: VirtualProtect.KERNELBASE ref: 00007DF4015366B0
                                            • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF40153341C), ref: 00007DF401537CB7
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$Free
                                            • String ID:
                                            • API String ID: 3841229516-0
                                            • Opcode ID: 9454607179550a56fcb25c77309fc397396c8818e949c4bf6b88fbdfb1fa50f0
                                            • Instruction ID: d94a8b062b68b99dc402f485a27fcf00b1d9df0bc0ef0371037af0cbd2cc300f
                                            • Opcode Fuzzy Hash: 9454607179550a56fcb25c77309fc397396c8818e949c4bf6b88fbdfb1fa50f0
                                            • Instruction Fuzzy Hash: 2A41C531B08A4C5BFB54EB68D4C456E73A1EF89700B404577E41BEB2AADA28FC408781
                                            Function 00007DF401533320 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: ErrorFunctionModeTable
                                            • String ID:
                                            • API String ID: 928017140-0
                                            • Opcode ID: d9c23544fbb2a9f569b4c70e99ee3ada11af114710c16124923c5dd5b1b488fd
                                            • Instruction ID: f2b3d250b4469e43b61ead80ed775a37a094bf7934891ef96a806711c8e2d77c
                                            • Opcode Fuzzy Hash: d9c23544fbb2a9f569b4c70e99ee3ada11af114710c16124923c5dd5b1b488fd
                                            • Instruction Fuzzy Hash: F7318731B1C9896BFB94FB58988656A72E1FFC8310B90053AE00FDB2FAD91CED458241
                                            Function 00007DF4015752D0 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: setsockopt
                                            • String ID:
                                            • API String ID: 3981526788-0
                                            • Opcode ID: 5ecb9aca37cfa74a852660f22e24977ddf5ffe3d9d8c212dab6545ea967c75f3
                                            • Instruction ID: a45e605a45448dc82ba5a27ac80639c798f7b9e1102a9fcfc6685c6f33524d7e
                                            • Opcode Fuzzy Hash: 5ecb9aca37cfa74a852660f22e24977ddf5ffe3d9d8c212dab6545ea967c75f3
                                            • Instruction Fuzzy Hash: EA31E970914A459FFB98DF189089B6177E1FF54325F1002AAD81EDF2EAE7749881CB44
                                            Function 00000251D309185C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 92 251d309185c-251d309188c call 251d30908a4 * 2 97 251d3091940-251d3091947 92->97 98 251d3091892-251d3091895 92->98 98->97 99 251d309189b-251d30918a5 98->99 99->97 100 251d30918ab-251d30918b0 99->100 100->97 101 251d30918b6-251d30918c3 100->101 101->97 102 251d30918c5-251d30918cd 101->102 102->97 103 251d30918cf-251d30918da 102->103 103->97 104 251d30918dc-251d30918e3 103->104 104->97 105 251d30918e5-251d30918e8 104->105 105->97 106 251d30918ea-251d30918f2 105->106 106->97 107 251d30918f4-251d30918f7 106->107 107->97 108 251d30918f9-251d3091902 107->108 108->97 109 251d3091904-251d3091908 108->109 109->97 110 251d309190a-251d309191a 109->110 110->97 112 251d309191c-251d3091933 GetProcessMitigationPolicy 110->112 112->97 113 251d3091935-251d309193a 112->113 113->97 114 251d309193c-251d309193d 113->114 114->97
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID: MitigationPolicyProcess
                                            • String ID:
                                            • API String ID: 1088084561-0
                                            • Opcode ID: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
                                            • Instruction ID: 11ef596a1a665abd8028dffcb3db9760aa752d51670ca8861f93d7ddaa853044
                                            • Opcode Fuzzy Hash: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
                                            • Instruction Fuzzy Hash: C831A530321E264AEF6997688C887F173E9EB983A2F1C41B98057C61E1DA71D862C764
                                            Function 00007DF40153B764 Relevance: 1.6, APIs: 1, Instructions: 313COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: c8a5416c91b5153a76d254bfa4ef07326f1cac8c2947bbd921b64d27c5c1bc1f
                                            • Instruction ID: 6552e95cd09ba76dc5bd261ab623366e6b1090e2e6623d8c1c83f697a0f85f69
                                            • Opcode Fuzzy Hash: c8a5416c91b5153a76d254bfa4ef07326f1cac8c2947bbd921b64d27c5c1bc1f
                                            • Instruction Fuzzy Hash: FDB1E231A18948AFEB99EF28C4D1A9773F1FFD8300B504566D40EDB2AADE24F951C781
                                            Function 00007DF401522910 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: a1e79bfd5fdfa4d599be838d72d64bf9e685b5698f2b0b05ab8498b458f49234
                                            • Instruction ID: 2876b04d32d0306e7d8243875cb9cb396ff83a8b7264400e0b4e7116a1cee644
                                            • Opcode Fuzzy Hash: a1e79bfd5fdfa4d599be838d72d64bf9e685b5698f2b0b05ab8498b458f49234
                                            • Instruction Fuzzy Hash: CA01A732B149199FFB54AB69DC8467633E5EF89391B044075E80ED6168DB39A882C780
                                            Function 00007DF401522BB0 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: DestroyHeap
                                            • String ID:
                                            • API String ID: 2435110975-0
                                            • Opcode ID: e8b38785987ebe4bf97a71b2e294a612045f12fa57e0274daf3e7e500e703184
                                            • Instruction ID: 5aff77f1020c02d2b0afad43d99a9976d0d9ccd1790f8a72ff8d7b663bd05e7a
                                            • Opcode Fuzzy Hash: e8b38785987ebe4bf97a71b2e294a612045f12fa57e0274daf3e7e500e703184
                                            • Instruction Fuzzy Hash: 77018C75A086559FEB50EF6AFC8612636B0FB98311B40413FE00EDB9B4CA385880CB40
                                            Function 00007DF401522B5C Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: CreateHeap
                                            • String ID:
                                            • API String ID: 10892065-0
                                            • Opcode ID: f6a5c260a6ff26826b95901847e0f94daf167b208f970919ab6999429e88efbf
                                            • Instruction ID: 2b2cc18365b392ac32337c8c11dab092908fad57d64fe9c20944e378a1882369
                                            • Opcode Fuzzy Hash: f6a5c260a6ff26826b95901847e0f94daf167b208f970919ab6999429e88efbf
                                            • Instruction Fuzzy Hash: 88F0A076B182855BF720AF766C8112A61B29BC8312F54453BE80BCE1A9DC3998818A40
                                            Function 00007DF401533088 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: AddressCallerProc
                                            • String ID:
                                            • API String ID: 2663294120-0
                                            • Opcode ID: c2543c20c0a7d110227d86949c13dfaa5e54e54e664fb098b1aa0bdcf88303a9
                                            • Instruction ID: 34020377ed4b81a63140576b94f3d15effff1d1435ee34afae7ec8aa7fb35c9b
                                            • Opcode Fuzzy Hash: c2543c20c0a7d110227d86949c13dfaa5e54e54e664fb098b1aa0bdcf88303a9
                                            • Instruction Fuzzy Hash: 6EE0C211B18C091B7BA862AE248CA7755D6DBDC232344027BE41ED72A9EC58CC850380
                                            Function 00007DF401545644 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: setsockopt
                                            • String ID:
                                            • API String ID: 3981526788-0
                                            • Opcode ID: ddedd6023ad442b8d2b2fe3290ed3783bcd232237776f9c3a295af58d00cf6c3
                                            • Instruction ID: 8805acb2501d3561ec01f357c6e90076106209fc470426c068472666aa07ddb7
                                            • Opcode Fuzzy Hash: ddedd6023ad442b8d2b2fe3290ed3783bcd232237776f9c3a295af58d00cf6c3
                                            • Instruction Fuzzy Hash: F3F08C74214A044FEB48EF5CC48876677E2FFE8329F10016AE90ECB2E4DB369989C741
                                            Function 00007DF40154D8E4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: 23f3765db31a0df280e37a6bc4f8137308a1fee0486dc2818908f898aea27d2f
                                            • Instruction ID: c076b59af0e72806b2472201f695b54bc63e28b6ed3703abb36710452691a838
                                            • Opcode Fuzzy Hash: 23f3765db31a0df280e37a6bc4f8137308a1fee0486dc2818908f898aea27d2f
                                            • Instruction Fuzzy Hash: ADE0C232B150240BF72C6ABD2C8917A36DAC7CC572705423BF80AC3284ED7C8C4602D1
                                            Function 00007DF401523DD8 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: FunctionTable
                                            • String ID:
                                            • API String ID: 1252446317-0
                                            • Opcode ID: 3b09555bf32cd7a482aca5e21dc4f37ab037edd0c1b9afc7390cc3b8e22e33b4
                                            • Instruction ID: 6b1552c0e1582113b1acf60802a7708e8712517815cffed202f1a53ffebe48a9
                                            • Opcode Fuzzy Hash: 3b09555bf32cd7a482aca5e21dc4f37ab037edd0c1b9afc7390cc3b8e22e33b4
                                            • Instruction Fuzzy Hash: BCE086305509055FEFA8E61DC8493503AE0FB9C306F6442ADD405D92A5DB3DD89BCF81
                                            Function 00007DF40153305C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                            • Instruction ID: 572788d3507ee2099820c6a2dae4c638e99f6bf386f4c784f5d9b32c5561147d
                                            • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                            • Instruction Fuzzy Hash: 70D0A721724D0D2BFB88633D1C9472651D5FBCC221F94017BF40EC6285ED5CCC550351
                                            Function 00007DF4015A9F04 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetSystemInfo.KERNELBASE(?,00007DF4015BB7C7,?,?,?,?,00000000,00000000), ref: 00007DF4015A9F21
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: InfoSystem
                                            • String ID:
                                            • API String ID: 31276548-0
                                            • Opcode ID: d72fac8d1d1b7f96bb5fe0759d88f2d5c6e0343dfc4f10e03c2c9322f33a3d86
                                            • Instruction ID: e9769df5e2b9b6e4ab05540a8ce222c814d0ceda1ea8d221698a4440a5e35679
                                            • Opcode Fuzzy Hash: d72fac8d1d1b7f96bb5fe0759d88f2d5c6e0343dfc4f10e03c2c9322f33a3d86
                                            • Instruction Fuzzy Hash: D2E04F319198594BF30DF731DC958E73271EBA4300F914637D807A60B6ED2C66498681
                                            Function 00007DF401535CC3 Relevance: 1.4, APIs: 1, Instructions: 150COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 903acddc3c2cbd21899d181af60d2020bd4c0d22b9f6ec9809e98e44769c02c6
                                            • Instruction ID: 09491a9d9ddbe18b1f7a444a6a067e9141ac7ecde038e25c4694517a20fb6106
                                            • Opcode Fuzzy Hash: 903acddc3c2cbd21899d181af60d2020bd4c0d22b9f6ec9809e98e44769c02c6
                                            • Instruction Fuzzy Hash: A2413130618D489FEB94EB18C485E96B3F1FFE4310F50466AD44EDB1AADA34F941CB81
                                            Function 00007DF4015435F4 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: 31b51a1252b2397096177e19cb7010b666d546ef653b70412147a1dab026b8b6
                                            • Instruction ID: 7571c8d002ed0ec3cdfd12c6279cb1ebc31dac2308db8690fbe02b16ec58fd56
                                            • Opcode Fuzzy Hash: 31b51a1252b2397096177e19cb7010b666d546ef653b70412147a1dab026b8b6
                                            • Instruction Fuzzy Hash: 3341A030608D1E9FEB98EF6CD888A6577F1FBA8311710422BD41AC7664DB74E8948BC0
                                            Function 00007DF401524620 Relevance: 1.4, APIs: 1, Instructions: 130COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: c3b5330ba83a094f7bad87bbcfda8b7898b28b22e9f53235a9dbd9f71cfcc7c9
                                            • Instruction ID: 4ef613a779e9d45628a74a38a18613d9d8df259052bb05d528efbc5bdbb4c451
                                            • Opcode Fuzzy Hash: c3b5330ba83a094f7bad87bbcfda8b7898b28b22e9f53235a9dbd9f71cfcc7c9
                                            • Instruction Fuzzy Hash: 7941E631A084985BFB68DF2888D407B37E1EFC6305714817BD86BCE19ADA28E947C7D0
                                            Function 00007DF4015FB260 Relevance: 1.4, APIs: 1, Instructions: 119COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: calloc
                                            • String ID:
                                            • API String ID: 2635317215-0
                                            • Opcode ID: 1510f62e4c51649cb4b3fc6bb3479c9fee78b3cdc066acf53db6694c8fe85d1c
                                            • Instruction ID: 2c88d3e0649ab1557008972ecb894192d152f0ecbfd85f80fc47342d78189795
                                            • Opcode Fuzzy Hash: 1510f62e4c51649cb4b3fc6bb3479c9fee78b3cdc066acf53db6694c8fe85d1c
                                            • Instruction Fuzzy Hash: AD41B570908A188EEBA1DF18D4887D576E5FB68701F2842BBDC4DCF25ADB7498858B90
                                            Function 00007DF401543848 Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                            Download Yara Rule
                                            APIs
                                            • malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF401562CFA), ref: 00007DF401543867
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: aa4f1f029a65678ad9f3ad1f83a567308f2cd0838b93955c777e9bc3ae762b5b
                                            • Instruction ID: d541dafc69fcfd0eca9420b2eee1a31d8f21adb7c20c0304805ff19d14ad5845
                                            • Opcode Fuzzy Hash: aa4f1f029a65678ad9f3ad1f83a567308f2cd0838b93955c777e9bc3ae762b5b
                                            • Instruction Fuzzy Hash: E721A531614D2C8FEB59EF1CD88C76177E1FBA831171441ABD80ADB269DA35E884C791
                                            Function 00007DF4015F9618 Relevance: 1.3, APIs: 1, Instructions: 89COMMON
                                            Download Yara Rule
                                            APIs
                                            • free.MSVCRT(?,?,?,?,?,?,-00000002,00007DF4015459FD,?,?,?,?,?,?,-00000002,00007DF401545A9F), ref: 00007DF4015F9669
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 3c3f3896645624ed2edffa25d0ed107847367446d48ff0b9b56c9f709a2f52a8
                                            • Instruction ID: de531c584faa8aa439a1ddb28f30d81ab56ffcb085523361206c55db89aaa71b
                                            • Opcode Fuzzy Hash: 3c3f3896645624ed2edffa25d0ed107847367446d48ff0b9b56c9f709a2f52a8
                                            • Instruction Fuzzy Hash: A131C034619D499FFF98EF68C4A97A533A1FFD4305F5400BDA80FDE1AACA28A845D710
                                            Function 00007DF40161ABFC Relevance: 1.3, APIs: 1, Instructions: 89COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                            • Instruction ID: 00761ca26f2f7110a90d9a2349ef70fafc3013690134544b0da258026491c20c
                                            • Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                            • Instruction Fuzzy Hash: A2216530A098985FDF94EB5CC4C4D6677E2EFD835076906A1E81ED729DD625EC80C780
                                            Function 00007DF401532E18 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: lstrcmpi
                                            • String ID:
                                            • API String ID: 1586166983-0
                                            • Opcode ID: dd3043cd4fdbf6ce1bec2523c8a3e90b76413ae5d3024df9cc9149889a1f6f13
                                            • Instruction ID: da1eab8a9f2825727562937383f5627280ddd6ba365ea628200383059c979ac3
                                            • Opcode Fuzzy Hash: dd3043cd4fdbf6ce1bec2523c8a3e90b76413ae5d3024df9cc9149889a1f6f13
                                            • Instruction Fuzzy Hash: 6C11DA31F049482FF7999B38984A2B736E1FFD4201F840236D80BDB1B9EE2C9A448240
                                            Function 00007DF401605F24 Relevance: 1.3, APIs: 1, Instructions: 60COMMON
                                            Download Yara Rule
                                            APIs
                                            • calloc.MSVCRT(?,?,?,?,?,00000001,?,00007DF4016062A0,?,?,?,?,?,00000000,?,?), ref: 00007DF401605F50
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: calloc
                                            • String ID:
                                            • API String ID: 2635317215-0
                                            • Opcode ID: b06512987aa8d2c8df61d034f6c9c76fa6a4a0890f349fee8146c1fc6763cbd3
                                            • Instruction ID: f13ca5be398bb8ea5bfe4ca833587b1a2a0ab04719c171610fe6696fbe319efd
                                            • Opcode Fuzzy Hash: b06512987aa8d2c8df61d034f6c9c76fa6a4a0890f349fee8146c1fc6763cbd3
                                            • Instruction Fuzzy Hash: 99015630614D495FFB94EF6C8888A2772A1FBD831175486BAE81EC729DDA38DC51CB90
                                            Function 00007DF40153BAB4 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 75680fa04e19e4440b4640af9aa4d4391f4b0436c9268b337d289e293cb6ea92
                                            • Instruction ID: eac061c45812d33c2a92540edc946fb4c869999ddabf1178bb599e4743dd16b5
                                            • Opcode Fuzzy Hash: 75680fa04e19e4440b4640af9aa4d4391f4b0436c9268b337d289e293cb6ea92
                                            • Instruction Fuzzy Hash: 2C01F63020894C9FEF98EB1CD4D8E5573E5EBA8310B5805AAD40EDF259CA65EC828B40
                                            Function 00007DF401526540 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                            Download Yara Rule
                                            APIs
                                            • malloc.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF4015265CE), ref: 00007DF401526585
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
                                            • Instruction ID: 7fa4cc82fda70c8eec4ca4838c37ea42e038ff723c864d7253e7f31778fccad2
                                            • Opcode Fuzzy Hash: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
                                            • Instruction Fuzzy Hash: 5901D631B05E066BF3689B29D488322B3E1FB98311F04413AE809C7298DB38E890C7C0
                                            Function 00007DF4015224F4 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: 85f62002f11eda201487085593c698b0135f5f3e41b5990a1ae8dfcda2a01f33
                                            • Instruction ID: e9cc0313023d838b451da1cac3f3856beee3c2b1526b8f43eb9a8f0043224822
                                            • Opcode Fuzzy Hash: 85f62002f11eda201487085593c698b0135f5f3e41b5990a1ae8dfcda2a01f33
                                            • Instruction Fuzzy Hash: A2016235B18E495BFB58DF2C986422132E1FB99315B54C16ED00FDE2F8EA29E8428701
                                            Function 00007DF4015802AC Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: e005b8aad8ae59e5c4306d33e7cf4f806ca0153c9240256dc9db618efce1777c
                                            • Instruction ID: 060b7151fe355e7dd0aaf48dd159bb1b432291f7446086c802a637b2481f294d
                                            • Opcode Fuzzy Hash: e005b8aad8ae59e5c4306d33e7cf4f806ca0153c9240256dc9db618efce1777c
                                            • Instruction Fuzzy Hash: E1F04F3061BA0E9BFF5CBB65985862B37B0EB54302B04103FEC0BE11A4CA6D98549721
                                            Function 00000251D30919A0 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 123 251d30919a0-251d30919bd 125 251d30919c9-251d30919d0 123->125 126 251d30919bf-251d30919c6 123->126 127 251d30919d2-251d30919e5 VirtualFree 125->127 128 251d30919e7-251d30919f5 125->128 126->125 127->128
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
                                            • Instruction ID: 1f2e29078b03b8326d867a8921467dd4739d760f7a59c5557b28417a707368ee
                                            • Opcode Fuzzy Hash: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
                                            • Instruction Fuzzy Hash: 18F03A31215A098FDF9CEF95C8D9FA133A4EB28301F0801B9CC0BCB15ADA21E885C791
                                            Function 00007DF40154DADC Relevance: 1.3, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: 4c39f900df3972edeb9c523e4745635d2babc99cae264e1317ea5b764d4d565e
                                            • Instruction ID: 3139d04137c5fdddccc4a9c243cca7526c7bbb4ae047b03b3569a3312356b63a
                                            • Opcode Fuzzy Hash: 4c39f900df3972edeb9c523e4745635d2babc99cae264e1317ea5b764d4d565e
                                            • Instruction Fuzzy Hash: 9ED05E10B16D0D1BBB58A6BE1C8A12621E6D7E81627440537B80AC3264ED29CC458250
                                            Function 00007DF40154379C Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 38b5563491cec97da23afbec1dbe8fd433f77e7ca0be4d4ad2848afd0e677fff
                                            • Instruction ID: 5b5ae461d440e7ec0cdcc6d7c2db212cd88ecb84c6fca26ca08655d7e2e0be88
                                            • Opcode Fuzzy Hash: 38b5563491cec97da23afbec1dbe8fd433f77e7ca0be4d4ad2848afd0e677fff
                                            • Instruction Fuzzy Hash: DAE08C3052592D8FEF88EB388948B5232F0FB48308F840865D00AC61F4D73CD680C701
                                            Function 00007DF40152FBE8 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: 7aac0fcb7c972547ff5d390886f6270a0f974cec2218a33fb889b5e6a18d3d37
                                            • Instruction ID: d7ef21bb14e60270f143156929b1f422bfba92532e21d7599281b3dacff181cf
                                            • Opcode Fuzzy Hash: 7aac0fcb7c972547ff5d390886f6270a0f974cec2218a33fb889b5e6a18d3d37
                                            • Instruction Fuzzy Hash: F0D01270A0A80A0BBB9076FB6CCE13929A8DB282027000026E819C1274EA08C8A4E792
                                            Function 00007DF401524A20 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 551c0ffc82b28a3876ee79cfc9de3840c8837f1e4274ad0e5daf9a8a7b3ff23c
                                            • Instruction ID: d4e9eccf8bb7e9b972e70a6a4b3c534b8f70f526710aa96edd88da372236da3b
                                            • Opcode Fuzzy Hash: 551c0ffc82b28a3876ee79cfc9de3840c8837f1e4274ad0e5daf9a8a7b3ff23c
                                            • Instruction Fuzzy Hash: A9B01234D27C4F13FD4C33770E590293661AF58202FC40015E807C4868E78CC4D4A346
                                            Function 00007DF40154DD18 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: aa089de65a6cfd9dc02d261aa503efaa6fd5d5a1e0a60673f9a4ee977fe4c43d
                                            • Instruction ID: 5a8c08ec907c1bf7cf0c87233b30f88344d6f78b5bcdb95f0d26b10f359ed4a8
                                            • Opcode Fuzzy Hash: aa089de65a6cfd9dc02d261aa503efaa6fd5d5a1e0a60673f9a4ee977fe4c43d
                                            • Instruction Fuzzy Hash: 06B01224C2BC6F63FF5D33B64C590153570AF54205FC40015DC06C0458ED2EC0944352
                                            Function 00007DF401535BBC Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: b7031c71d370f0c4b9d1add862bc0dfec61c612abdfff09cb5e9d61695c69b58
                                            • Instruction ID: f83ba9bf4f48c281877cbb087044135235d795d4e9134deb21405a6a78b3625c
                                            • Opcode Fuzzy Hash: b7031c71d370f0c4b9d1add862bc0dfec61c612abdfff09cb5e9d61695c69b58
                                            • Instruction Fuzzy Hash: BCB012348EBD4B52FD0C33760DE91593960BF54201FC50025D807D4064F50EC09A47D6

                                            Non-executed Functions

                                            Function 00007DF40154E261 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000003.2117128759.00007DF401521000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF401521000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_3_7df401521000_OpenWith.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 46f5df41ea43a57528ce76f95f617c5d60ae02f95908509022172248d9e28bd8
                                            • Instruction ID: 317b8491c6c81d94af8fc2b3a06f72133790875556e8c436f9feff669d1d81d5
                                            • Opcode Fuzzy Hash: 46f5df41ea43a57528ce76f95f617c5d60ae02f95908509022172248d9e28bd8
                                            • Instruction Fuzzy Hash: FFB01130E28808C2C2280E0AF802330F2B0C30B300F00303A2000F3A20C8BACC82008F
                                            Function 00000251D3090511 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2117417948.00000251D3090000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000251D3090000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_251d3090000_OpenWith.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
                                            • Instruction ID: 9c6f723353de5f7bfac1b68b00d860ec9f8fa9508ac40f659eae0282c9a534f1
                                            • Opcode Fuzzy Hash: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
                                            • Instruction Fuzzy Hash: 26B01132E28A0082E3880E0AB8023B0F2B0C30B300F00B0322008F3220C828CC08028F

                                            Execution Graph

                                            Execution Coverage:5%
                                            Dynamic/Decrypted Code Coverage:14.9%
                                            Signature Coverage:0%
                                            Total number of Nodes:289
                                            Total number of Limit Nodes:23
                                            execution_graph 22471 1e4d5862628 22472 1e4d586265b 22471->22472 22474 1e4d586267c Thread32First 22472->22474 22478 1e4d5862734 22472->22478 22473 1e4d586288a 22477 1e4d5862681 22474->22477 22475 1e4d586276d SuspendThread 22475->22478 22476 1e4d586272b CloseHandle 22476->22478 22477->22476 22478->22473 22478->22475 22798 1e4d586dde4 GetSystemInfo VirtualAlloc 22789 1e4d586d6f0 malloc 22713 7df4e2e92f60 22714 7df4e2e92fdc 22713->22714 22715 7df4e2e92f6d 22713->22715 22715->22714 22716 7df4e2e92fa3 SetWinEventHook 22715->22716 22716->22714 22717 1e4d5862974 22718 1e4d586299a 22717->22718 22719 1e4d58629a2 VirtualProtect 22717->22719 22718->22719 22720 1e4d58629bd 22719->22720 22722 1e4d58629c7 22719->22722 22721 1e4d5862a09 VirtualProtect 22721->22720 22722->22721 22723 1e4d586bbb4 22724 1e4d586bbb9 22723->22724 22728 1e4d586bbe2 22723->22728 22729 1e4d5864e74 calloc 22724->22729 22726 1e4d586bbda 22730 1e4d586b9d8 22726->22730 22729->22726 22731 1e4d586b9f9 22730->22731 22732 1e4d586bad0 CreateWindowExW 22731->22732 22733 1e4d586bb2d 22731->22733 22732->22733 22733->22728 22734 1e4d586cdf4 22735 1e4d586ce47 22734->22735 22742 1e4d586ae7c 22735->22742 22737 1e4d586ce6f CreateNamedPipeW 22738 1e4d586ceb7 22737->22738 22741 1e4d586cef9 22737->22741 22739 1e4d586ced0 BindIoCompletionCallback 22738->22739 22740 1e4d586cee8 ConnectNamedPipe 22739->22740 22739->22741 22740->22741 22743 1e4d586aeb8 22742->22743 22746 1e4d5872990 22743->22746 22745 1e4d586aec0 22745->22737 22747 1e4d58729a4 NtAcceptConnectPort 22746->22747 22748 1e4d58729be 22746->22748 22747->22748 22748->22745 22795 1e4d5870ab4 calloc 22762 7df4e2e93018 22763 7df4e2e9304b 22762->22763 22771 7df4e2e93213 22763->22771 22772 7df4e2e91708 22763->22772 22767 7df4e2e93130 calloc 22769 7df4e2e93085 22767->22769 22768 7df4e2e9318a 22770 7df4e2e931e7 SendMessageA 22768->22770 22769->22767 22769->22768 22769->22771 22770->22771 22773 7df4e2e91715 22772->22773 22774 7df4e2e9173b 22772->22774 22773->22774 22775 7df4e2e9171b RtlAddFunctionTable 22773->22775 22776 7df4e2e91740 22774->22776 22775->22774 22777 7df4e2e91760 VirtualProtect 22776->22777 22779 7df4e2e9176f 22776->22779 22777->22779 22778 7df4e2e9180d 22778->22769 22779->22778 22780 7df4e2e917e9 VirtualProtect 22779->22780 22780->22779 22811 7df4e2e91d18 NtReadVirtualMemory 22781 1e4d586be7c 22782 1e4d586bea5 22781->22782 22783 1e4d586bed3 LoadLibraryA 22782->22783 22784 1e4d586beb5 22782->22784 22783->22784 22785 1e4d586697c 22786 1e4d5866998 22785->22786 22787 1e4d58669a6 22786->22787 22788 1e4d586699d GetProcAddressForCaller 22786->22788 22788->22787 22454 7df4e2ea22cc 22456 7df4e2ea22ee 22454->22456 22455 7df4e2ea276d 22456->22455 22462 7df4e2ea1290 22456->22462 22460 7df4e2ea2329 22460->22455 22461 7df4e2ea2754 SetTimer 22460->22461 22461->22455 22463 7df4e2ea129d 22462->22463 22464 7df4e2ea12c3 22462->22464 22463->22464 22465 7df4e2ea12a3 RtlAddFunctionTable 22463->22465 22466 7df4e2ea12c8 22464->22466 22465->22464 22467 7df4e2ea12e8 VirtualProtect 22466->22467 22469 7df4e2ea12f7 22466->22469 22467->22469 22468 7df4e2ea1395 22468->22460 22469->22468 22470 7df4e2ea1371 VirtualProtect 22469->22470 22470->22469 22479 7df4e2e92ed0 22480 7df4e2e92ee6 22479->22480 22482 7df4e2e92f16 22480->22482 22483 7df4e2e92704 NtQuerySystemInformation 22480->22483 22484 7df4e2e9272d malloc 22483->22484 22485 7df4e2e92727 22483->22485 22486 7df4e2e92743 NtQuerySystemInformation 22484->22486 22487 7df4e2e9275f 22484->22487 22485->22484 22486->22487 22487->22482 22488 1e4d5862904 22489 1e4d5862957 22488->22489 22490 1e4d5862916 22488->22490 22490->22489 22491 1e4d5862939 ResumeThread 22490->22491 22491->22490 22492 1e4d5865110 22505 1e4d587252c 22492->22505 22494 1e4d5865328 22495 1e4d586531b 22517 1e4d5872418 22495->22517 22496 1e4d5865169 22496->22494 22496->22495 22508 1e4d58728b8 22496->22508 22501 1e4d58652a6 22514 1e4d58728e8 22501->22514 22504 1e4d58728b8 NtAcceptConnectPort 22504->22501 22506 1e4d5872551 22505->22506 22507 1e4d587253c NtAcceptConnectPort 22505->22507 22506->22496 22507->22506 22509 1e4d58728c8 NtAcceptConnectPort 22508->22509 22510 1e4d58651f8 22508->22510 22509->22510 22510->22495 22511 1e4d58727b8 22510->22511 22512 1e4d5865244 22511->22512 22513 1e4d58727cb NtAcceptConnectPort 22511->22513 22512->22501 22512->22504 22513->22512 22515 1e4d58728f8 NtAcceptConnectPort 22514->22515 22516 1e4d58728fc 22514->22516 22515->22516 22516->22495 22518 1e4d5872428 NtAcceptConnectPort 22517->22518 22519 1e4d587242c 22517->22519 22518->22519 22519->22494 22520 1e4d5866950 22521 1e4d586696a 22520->22521 22522 1e4d5866974 22521->22522 22523 1e4d586696f LoadLibraryA 22521->22523 22523->22522 22807 1e4d58658d0 30 API calls 22524 1e4d586ccd0 22525 1e4d586cd39 22524->22525 22526 1e4d586cce3 22524->22526 22530 1e4d586a76c 22526->22530 22528 1e4d586ccf5 22529 1e4d586cd18 ReadFile 22528->22529 22529->22525 22531 1e4d586a78c 22530->22531 22532 1e4d586a7d3 22530->22532 22531->22532 22533 1e4d586a7f7 malloc 22531->22533 22532->22528 22533->22532 22796 1e4d58712d0 15 API calls 22534 1e4d586ca8c 22535 1e4d586caaa 22534->22535 22548 1e4d586cb24 22534->22548 22536 1e4d586cad0 22535->22536 22537 1e4d586cc4f 22535->22537 22535->22548 22538 1e4d586cc1e 22536->22538 22542 1e4d586cae7 22536->22542 22539 1e4d586a76c malloc 22537->22539 22540 1e4d586a76c malloc 22538->22540 22541 1e4d586cc32 22539->22541 22540->22541 22543 1e4d586cc83 ReadFile 22541->22543 22544 1e4d586cb1b 22542->22544 22545 1e4d586cbdd 22542->22545 22542->22548 22543->22548 22544->22548 22549 1e4d586c784 22544->22549 22560 1e4d586bbf0 22545->22560 22550 1e4d586ca56 22549->22550 22559 1e4d586c7be 22549->22559 22550->22548 22551 1e4d586ca3f 22579 1e4d586a960 22551->22579 22553 1e4d586c9ba 22553->22551 22574 1e4d586c25c 22553->22574 22555 1e4d586c9b2 22578 1e4d587dc78 free free free 22555->22578 22559->22550 22559->22553 22559->22555 22567 1e4d587e0c8 free free free 22559->22567 22568 1e4d587d4ac 22559->22568 22561 1e4d586bc1e 22560->22561 22562 1e4d586bcec 22560->22562 22561->22562 22563 1e4d586bc41 OpenFileMappingW 22561->22563 22562->22548 22563->22562 22564 1e4d586bc5e MapViewOfFile 22563->22564 22565 1e4d586bce3 CloseHandle 22564->22565 22566 1e4d586bc7c 22564->22566 22565->22562 22566->22565 22567->22559 22569 1e4d587d4be 22568->22569 22570 1e4d587d4c5 22568->22570 22569->22559 22570->22569 22571 1e4d587d4fe free 22570->22571 22572 1e4d587d504 22570->22572 22571->22572 22572->22569 22582 1e4d58a4468 22572->22582 22575 1e4d586c2a1 22574->22575 22577 1e4d586c66e 22574->22577 22576 1e4d586c5ba VirtualAlloc 22575->22576 22575->22577 22576->22577 22577->22551 22578->22553 22580 1e4d586a973 free 22579->22580 22581 1e4d586a984 22579->22581 22580->22580 22580->22581 22581->22550 22583 1e4d58a44af 22582->22583 22584 1e4d58a4476 22582->22584 22583->22569 22584->22583 22585 1e4d58a4491 free 22584->22585 22586 1e4d58a4498 free 22584->22586 22585->22586 22586->22583 22587 1e4d587288c 22588 1e4d58728ab 22587->22588 22589 1e4d587289c NtAcceptConnectPort 22587->22589 22589->22588 22590 1e4d58658d8 22593 1e4d5866c10 22590->22593 22592 1e4d58658ea 22594 1e4d5866cfc 22593->22594 22595 1e4d5866c19 22593->22595 22594->22592 22595->22594 22604 1e4d5872d24 22595->22604 22597 1e4d5866cae 22597->22594 22611 1e4d5863c84 22597->22611 22599 1e4d5866cba 22600 1e4d5866cd1 SetErrorMode 22599->22600 22601 1e4d5866cea 22600->22601 22603 1e4d5866d14 22600->22603 22601->22594 22615 1e4d58669b0 22601->22615 22603->22592 22633 1e4d5864998 22604->22633 22606 1e4d5873db2 22606->22597 22607 1e4d5873866 RtlFormatCurrentUserKeyPath 22609 1e4d5873872 22607->22609 22608 1e4d5872d71 22608->22606 22608->22607 22608->22609 22609->22606 22637 1e4d58655f0 6 API calls 22609->22637 22612 1e4d5863cb7 22611->22612 22613 1e4d5863c91 22611->22613 22612->22599 22613->22612 22614 1e4d5863c97 RtlAddFunctionTable 22613->22614 22614->22612 22616 1e4d58669b9 22615->22616 22624 1e4d5866a18 22615->22624 22638 1e4d5864e74 calloc 22616->22638 22618 1e4d58669d3 22619 1e4d5866a75 22618->22619 22621 1e4d58669e5 22618->22621 22662 1e4d5870bd0 15 API calls 22619->22662 22622 1e4d58669f9 22621->22622 22623 1e4d5866a41 22621->22623 22621->22624 22625 1e4d5866a34 22622->22625 22626 1e4d58669fe 22622->22626 22661 1e4d58711e8 12 API calls 22623->22661 22624->22594 22660 1e4d5870cf0 15 API calls 22625->22660 22629 1e4d5866a27 22626->22629 22630 1e4d5866a03 22626->22630 22659 1e4d5870e18 18 API calls 22629->22659 22630->22624 22639 1e4d586d594 22630->22639 22634 1e4d58649b0 22633->22634 22635 1e4d58649da 22634->22635 22636 1e4d58649b8 calloc 22634->22636 22635->22608 22636->22635 22637->22606 22638->22618 22640 1e4d586d5aa 22639->22640 22641 1e4d586d629 CloseHandle 22640->22641 22642 1e4d586d5c5 MapViewOfFile 22640->22642 22643 1e4d586d6db 22641->22643 22644 1e4d586d63b 22641->22644 22649 1e4d586d5ef 22642->22649 22645 1e4d586a960 free 22643->22645 22644->22643 22663 1e4d5862b50 22644->22663 22647 1e4d586d6e5 22645->22647 22647->22624 22648 1e4d586d64b 22648->22643 22667 1e4d586dfc4 22648->22667 22649->22641 22653 1e4d586d65d 22676 1e4d586d188 6 API calls 22653->22676 22655 1e4d586d662 22677 1e4d5867950 22655->22677 22657 1e4d586d697 22683 1e4d5862ba4 6 API calls 22657->22683 22659->22624 22660->22624 22661->22624 22662->22624 22664 1e4d5862b60 22663->22664 22665 1e4d5862b69 HeapCreate 22664->22665 22666 1e4d5862b82 22664->22666 22665->22666 22666->22648 22668 1e4d586dfdc 22667->22668 22673 1e4d586e026 22668->22673 22684 1e4d5862c20 22668->22684 22670 1e4d586d658 22675 1e4d586def8 GetSystemInfo VirtualAlloc 22670->22675 22671 1e4d586e033 VirtualProtect 22688 1e4d5861000 22671->22688 22673->22670 22673->22671 22674 1e4d586e060 VirtualProtect 22674->22670 22675->22653 22676->22655 22680 1e4d586797b 22677->22680 22678 1e4d5867bd3 22678->22657 22679 1e4d586a960 free 22679->22678 22680->22678 22682 1e4d5867b21 22680->22682 22697 1e4d586778c 22680->22697 22682->22679 22683->22643 22686 1e4d5862c4e 22684->22686 22685 1e4d5862cb8 22685->22673 22686->22685 22690 1e4d58624c0 22686->22690 22689 1e4d586100c 22688->22689 22689->22674 22693 1e4d58622d0 GetSystemInfo 22690->22693 22696 1e4d5862301 22693->22696 22694 1e4d58623a0 VirtualAlloc 22695 1e4d58623cb 22694->22695 22694->22696 22695->22685 22696->22694 22696->22695 22698 1e4d58677b4 22697->22698 22705 1e4d5872c64 22698->22705 22700 1e4d58677dd 22702 1e4d5867829 22700->22702 22709 1e4d58729d4 22700->22709 22703 1e4d586786b GetVolumeInformationW 22702->22703 22704 1e4d58678bc 22702->22704 22703->22704 22704->22682 22706 1e4d5872c87 22705->22706 22708 1e4d5872c7f 22705->22708 22707 1e4d5872ce8 NtAcceptConnectPort 22706->22707 22706->22708 22707->22708 22708->22700 22710 1e4d5872a1d 22709->22710 22711 1e4d5872a73 NtAcceptConnectPort 22710->22711 22712 1e4d5872a27 22710->22712 22711->22712 22712->22702 22816 1e4d5866bd8 NtAcceptConnectPort 22804 1e4d586cd54 CreateNamedPipeW BindIoCompletionCallback ConnectNamedPipe NtAcceptConnectPort 22749 1e4d58674a0 22753 1e4d58674d8 22749->22753 22750 1e4d5867732 22752 1e4d5867573 VirtualFree 22752->22753 22753->22750 22753->22752 22754 1e4d58673c4 free 22753->22754 22754->22753 22755 1e4d5877da0 SetErrorMode 22756 1e4d5877db4 22755->22756 22757 1e4d587b216 socket 22756->22757 22758 1e4d587b25a getsockopt 22757->22758 22759 1e4d587b2a3 socket 22757->22759 22758->22759 22761 1e4d587b2c3 22759->22761 22800 1e4d5866ddf free 22801 1e4d5862ddc 6 API calls

                                            Executed Functions

                                            Function 00007DF4E2E91958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000003.2059711361.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_3_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                            • String ID: H$H
                                            • API String ID: 874015164-136785262
                                            • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                            • Instruction ID: 9b3c1338cb038a02843ba0beb795d6fe5c4a2c7229105adc8981a04c0b6c3e52
                                            • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                            • Instruction Fuzzy Hash: DFB1407060CB988FDB64DF18D885B9AB7E5FBD5300F040A6EE5CAC3251DA34E5458B86
                                            Function 000001E4D5872D24 Relevance: 15.3, APIs: 1, Strings: 7, Instructions: 1263COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 1e4d5872d24-1e4d5872d80 call 1e4d5864998 3 1e4d5873dc7-1e4d5873ded call 1e4d5874500 0->3 4 1e4d5872d86-1e4d5872de7 call 1e4d5866da4 * 3 call 1e4d58632f8 call 1e4d5866da4 0->4 18 1e4d5873db4-1e4d5873db5 4->18 19 1e4d5872ded-1e4d5873700 4->19 22 1e4d5873db9-1e4d5873dc2 call 1e4d58649f4 18->22 20 1e4d5873706-1e4d5873711 19->20 21 1e4d5873855-1e4d587385d 19->21 20->21 23 1e4d5873717-1e4d5873725 20->23 25 1e4d58738d0-1e4d58738e1 21->25 26 1e4d587385f-1e4d5873864 21->26 22->3 27 1e4d587372b-1e4d5873733 23->27 28 1e4d5873850-1e4d5873851 23->28 30 1e4d587393a-1e4d5873940 25->30 31 1e4d58738e3-1e4d58738fb 25->31 26->25 32 1e4d5873866-1e4d5873870 RtlFormatCurrentUserKeyPath 26->32 27->28 33 1e4d5873739-1e4d5873751 27->33 28->21 34 1e4d587396b-1e4d587397e 30->34 35 1e4d5873942-1e4d5873943 30->35 31->30 48 1e4d58738fd-1e4d5873905 31->48 32->25 36 1e4d5873872-1e4d5873883 32->36 39 1e4d5873757-1e4d5873758 33->39 40 1e4d5873844-1e4d5873848 33->40 34->18 52 1e4d5873984-1e4d587398f 34->52 41 1e4d5873945-1e4d5873964 35->41 37 1e4d5873885-1e4d5873891 36->37 38 1e4d587389e-1e4d58738a6 36->38 56 1e4d58738c7-1e4d58738c8 37->56 57 1e4d5873893-1e4d587389c 37->57 43 1e4d58738a8-1e4d58738c4 call 1e4d5861000 38->43 44 1e4d587375b-1e4d587376b 39->44 47 1e4d587384a-1e4d587384b 40->47 41->41 45 1e4d5873966-1e4d5873967 41->45 43->56 51 1e4d587377d-1e4d587377f 44->51 45->34 47->28 53 1e4d5873917 48->53 54 1e4d5873907-1e4d5873915 48->54 59 1e4d5873781-1e4d5873786 51->59 60 1e4d587376d-1e4d587377b 51->60 52->18 61 1e4d5873995-1e4d58739a3 52->61 53->30 55 1e4d5873919-1e4d5873934 53->55 54->30 55->30 56->25 57->43 62 1e4d5873811-1e4d5873814 59->62 63 1e4d587378c 59->63 60->51 61->18 64 1e4d58739a9-1e4d58739b1 61->64 65 1e4d5873816-1e4d587381a 62->65 66 1e4d5873821-1e4d5873830 62->66 67 1e4d587378e-1e4d5873795 63->67 64->18 68 1e4d58739b7-1e4d58739d7 64->68 65->66 69 1e4d587381c-1e4d587381d 65->69 66->44 70 1e4d5873836-1e4d5873842 66->70 71 1e4d5873797-1e4d58737ab 67->71 72 1e4d58737af-1e4d58737db 67->72 68->18 79 1e4d58739dd-1e4d5873a01 68->79 69->66 70->47 71->67 73 1e4d58737ad 71->73 74 1e4d5873803-1e4d5873804 72->74 75 1e4d58737dd-1e4d58737f1 call 1e4d587452c 72->75 73->62 77 1e4d5873809-1e4d587380a 74->77 75->74 83 1e4d58737f3-1e4d5873801 75->83 77->62 81 1e4d5873a07-1e4d5873a1a 79->81 82 1e4d5873b20-1e4d5873b5b 79->82 84 1e4d5873a1c-1e4d5873a26 81->84 90 1e4d5873bb3-1e4d5873bc3 82->90 91 1e4d5873b5d-1e4d5873b5e 82->91 83->77 85 1e4d5873af1-1e4d5873b03 84->85 86 1e4d5873a2c-1e4d5873a30 84->86 85->84 88 1e4d5873b09-1e4d5873b1e 85->88 86->85 89 1e4d5873a36-1e4d5873a80 call 1e4d5874540 86->89 88->82 99 1e4d5873a94-1e4d5873a96 89->99 90->18 98 1e4d5873bc9-1e4d5873bdf 90->98 93 1e4d5873b60-1e4d5873b68 91->93 96 1e4d5873b6a-1e4d5873b6f 93->96 97 1e4d5873b95-1e4d5873ba9 93->97 96->97 100 1e4d5873b71-1e4d5873b7a 96->100 97->93 101 1e4d5873bab-1e4d5873bac 97->101 102 1e4d5873c55-1e4d5873c5b 98->102 103 1e4d5873be1-1e4d5873be2 98->103 104 1e4d5873a98-1e4d5873aae 99->104 105 1e4d5873a82-1e4d5873a92 99->105 106 1e4d5873b7d-1e4d5873b80 100->106 101->90 107 1e4d5873cae-1e4d5873cb5 102->107 108 1e4d5873c5d-1e4d5873c61 102->108 109 1e4d5873be4-1e4d5873bef 103->109 110 1e4d5873ab0-1e4d5873ab8 104->110 111 1e4d5873aed 104->111 105->99 112 1e4d5873b89-1e4d5873b93 106->112 113 1e4d5873b82 106->113 117 1e4d5873cbb-1e4d5873cdb call 1e4d58632f8 107->117 118 1e4d5873d62-1e4d5873d64 107->118 114 1e4d5873c68-1e4d5873c73 108->114 115 1e4d5873bf1-1e4d5873bfe 109->115 116 1e4d5873c00-1e4d5873c14 109->116 110->111 119 1e4d5873aba 110->119 111->85 112->97 112->106 113->112 120 1e4d5873c95-1e4d5873cac 114->120 121 1e4d5873c75-1e4d5873c81 114->121 115->116 135 1e4d5873c18-1e4d5873c27 115->135 116->102 122 1e4d5873c16 116->122 136 1e4d5873cf0-1e4d5873d04 call 1e4d58632f8 117->136 137 1e4d5873cdd-1e4d5873cee call 1e4d58635b4 117->137 125 1e4d5873d66-1e4d5873d70 118->125 126 1e4d5873d90-1e4d5873d99 118->126 124 1e4d5873abc-1e4d5873ad5 call 1e4d587452c 119->124 120->107 120->114 121->120 128 1e4d5873c83-1e4d5873c8a 121->128 122->109 144 1e4d5873ad7-1e4d5873add 124->144 145 1e4d5873ae1-1e4d5873ae7 124->145 125->126 132 1e4d5873d72-1e4d5873d8c 125->132 126->22 127 1e4d5873d9b-1e4d5873db2 call 1e4d5866db4 call 1e4d58655f0 126->127 127->22 128->120 134 1e4d5873c8c-1e4d5873c93 128->134 132->126 134->120 141 1e4d5873c29-1e4d5873c46 135->141 142 1e4d5873c48 135->142 136->118 151 1e4d5873d06-1e4d5873d17 call 1e4d58635b4 136->151 137->136 154 1e4d5873d19-1e4d5873d2f call 1e4d5872310 137->154 146 1e4d5873c4d-1e4d5873c4f 141->146 142->146 144->124 150 1e4d5873adf 144->150 145->111 146->102 146->126 150->111 151->118 151->154 154->118 159 1e4d5873d31-1e4d5873d41 154->159 159->118 161 1e4d5873d43-1e4d5873d5c 159->161 161->118
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: CurrentFormatPathUsercalloc
                                            • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                            • API String ID: 4207655178-84560671
                                            • Opcode ID: 1512b8534d4c685afcc9061355cc33150ae67fa718ee72ec55426bd84ba67b64
                                            • Instruction ID: 4e77b9fd00175aed4efe55a17e0470adc8d1454822a76c181332fe380acd5e79
                                            • Opcode Fuzzy Hash: 1512b8534d4c685afcc9061355cc33150ae67fa718ee72ec55426bd84ba67b64
                                            • Instruction Fuzzy Hash: 59A27CB0918B888FD375DF18D8857EAB7E4FBA9701F500A2ED88AC3251DF7495518B83
                                            Function 00007DF4E2E91CE8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 296processnativethreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000003.2059711361.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_3_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                            • String ID: -
                                            • API String ID: 167522227-2547889144
                                            • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                            • Instruction ID: 9600784f4e35fca091c34f390a3c5b1d77c7b45962217bcbe07eb841f0a473fc
                                            • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                            • Instruction Fuzzy Hash: 22919230A0CAA94BEB54EB29D8947AB73E1FF94301F04456FD98BC7191DF78E9018782
                                            Function 000001E4D586CDF4 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                            • String ID:
                                            • API String ID: 2502124517-0
                                            • Opcode ID: 1f39a579d535edce93b33f8ad890ac1eeea552d42be0d6d7d28d92d913c1a808
                                            • Instruction ID: 18ca3de67087f648a17459ca5c36aaf0b9821094ad912160c310c1edd810a0ae
                                            • Opcode Fuzzy Hash: 1f39a579d535edce93b33f8ad890ac1eeea552d42be0d6d7d28d92d913c1a808
                                            • Instruction Fuzzy Hash: 2831B5706086488FE795EF68D8C4B9A77E4FB94310F104A29E45BC31D1DF78C955CB81
                                            Function 00007DF4E2E92704 Relevance: 4.5, APIs: 3, Instructions: 40nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2963967390.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: InformationQuerySystem$malloc
                                            • String ID:
                                            • API String ID: 1603438391-0
                                            • Opcode ID: eaf85d99e703aa885d9be82610ad3d8d03a394a4204a017367fdf17adc8f3dbe
                                            • Instruction ID: 82c05ab1a3219a2c622003c3720ad69048148ff31a53ec1b655bc15263829774
                                            • Opcode Fuzzy Hash: eaf85d99e703aa885d9be82610ad3d8d03a394a4204a017367fdf17adc8f3dbe
                                            • Instruction Fuzzy Hash: 8B013130B199559FEB85EF28DC68B6677E5FB94301F44012DE84BC21A0DF38D945CB42
                                            Function 000001E4D5872C64 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 268 1e4d5872c64-1e4d5872c7d 269 1e4d5872c87-1e4d5872c8a 268->269 270 1e4d5872c7f-1e4d5872c82 268->270 272 1e4d5872c96-1e4d5872cab 269->272 273 1e4d5872c8c-1e4d5872c91 269->273 271 1e4d5872d1a-1e4d5872d22 270->271 274 1e4d5872cb7-1e4d5872ce6 272->274 275 1e4d5872cad-1e4d5872cb1 272->275 273->271 276 1e4d5872ce8-1e4d5872cf4 NtAcceptConnectPort 274->276 277 1e4d5872cf6 274->277 275->274 278 1e4d5872cfb-1e4d5872cfd 276->278 277->278 279 1e4d5872d18 278->279 280 1e4d5872cff-1e4d5872d09 278->280 279->271 281 1e4d5872d0b-1e4d5872d0f 280->281 282 1e4d5872d11 280->282 283 1e4d5872d16 281->283 282->283 283->279
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: f6b0f352e34b93935ac2a1f97fa2b0892be8d0a68ee0d9962c8f94757f801c03
                                            • Instruction ID: b0acb87f28f548569e2ca384c465c08367bd5e31668b083d436b35dd7095110a
                                            • Opcode Fuzzy Hash: f6b0f352e34b93935ac2a1f97fa2b0892be8d0a68ee0d9962c8f94757f801c03
                                            • Instruction Fuzzy Hash: A7215171A049888FE750EF99ECC47BDB6D0F7E9351F60053EF94AC3250DB2889648785
                                            Function 000001E4D5862628 Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 356 1e4d5862628-1e4d5862662 call 1e4d58a2c58 359 1e4d5862668-1e4d586267c call 1e4d58a2c52 Thread32First 356->359 360 1e4d5862734-1e4d5862737 356->360 366 1e4d5862681-1e4d5862686 359->366 362 1e4d586288a-1e4d586289d 360->362 363 1e4d586273d-1e4d5862745 360->363 363->362 365 1e4d586274b-1e4d586274c 363->365 367 1e4d586274e-1e4d5862767 365->367 368 1e4d5862712-1e4d586271e call 1e4d58a2c4c 366->368 369 1e4d586268c-1e4d5862696 366->369 374 1e4d586287a-1e4d5862884 367->374 375 1e4d586276d-1e4d5862784 SuspendThread 367->375 373 1e4d5862723-1e4d5862725 368->373 369->368 376 1e4d5862698-1e4d58626a2 369->376 373->366 377 1e4d586272b-1e4d586272e CloseHandle 373->377 374->362 374->367 378 1e4d5862792-1e4d5862794 375->378 376->368 384 1e4d58626a4-1e4d58626aa 376->384 377->360 379 1e4d586279a-1e4d586279e 378->379 380 1e4d586286f-1e4d5862878 378->380 382 1e4d58627a0-1e4d58627aa 379->382 383 1e4d58627ac-1e4d58627ad 379->383 380->374 385 1e4d58627b0-1e4d58627b2 382->385 383->385 387 1e4d58626d2-1e4d58626d8 384->387 388 1e4d58626ac-1e4d58626ce 384->388 385->380 389 1e4d58627b8-1e4d58627ce 385->389 390 1e4d58626da-1e4d58626f4 387->390 391 1e4d5862701-1e4d586270e 387->391 388->377 397 1e4d58626d0 388->397 392 1e4d58627d0-1e4d58627e1 389->392 390->377 398 1e4d58626f6-1e4d58626fe 390->398 391->368 395 1e4d58627fa 392->395 396 1e4d58627e3-1e4d58627e6 392->396 401 1e4d58627fc-1e4d5862806 395->401 399 1e4d58627e8-1e4d58627f1 396->399 400 1e4d58627f3-1e4d58627f8 396->400 397->391 398->391 399->401 400->401 402 1e4d5862808-1e4d586280a 401->402 403 1e4d586285e-1e4d5862866 401->403 405 1e4d58628a9-1e4d58628ad 402->405 406 1e4d5862810-1e4d586281d 402->406 403->392 404 1e4d586286c-1e4d586286d 403->404 404->380 407 1e4d58628bb-1e4d58628c8 405->407 408 1e4d58628af-1e4d58628b9 405->408 409 1e4d5862839 406->409 410 1e4d586281f-1e4d586282a 406->410 411 1e4d58628ca-1e4d58628d6 407->411 412 1e4d58628e5-1e4d58628e9 407->412 408->407 413 1e4d586283b-1e4d586283e 408->413 409->413 414 1e4d586289e-1e4d58628a7 410->414 415 1e4d586282c-1e4d5862837 410->415 416 1e4d58628d8-1e4d58628e3 411->416 417 1e4d58628f7-1e4d58628ff 411->417 412->409 419 1e4d58628ef-1e4d58628f2 412->419 413->403 418 1e4d5862840-1e4d5862857 413->418 414->413 415->409 415->410 416->411 416->412 417->413 418->403 419->413
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: CloseHandleSuspendThread
                                            • String ID:
                                            • API String ID: 1038686644-0
                                            • Opcode ID: ee0b4b29cbf429cf193f7da3647d56e0b1a845656fd74a12addcfb7ee39e090b
                                            • Instruction ID: 89545360c0ff5f52dd04645c1fcff4c962e01e308bc1637b3740f5fcf45a4f51
                                            • Opcode Fuzzy Hash: ee0b4b29cbf429cf193f7da3647d56e0b1a845656fd74a12addcfb7ee39e090b
                                            • Instruction Fuzzy Hash: AD910130A08A55CBEB68DB58EC527BDB3D1FB65310F14499DE84BC6181DE39D862CBC2
                                            Function 00007DF4E2EA22CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2964096876.00007DF4E2EA1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2EA1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2ea1000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FunctionProtectTableTimerVirtual
                                            • String ID:
                                            • API String ID: 2248422592-0
                                            • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                            • Instruction ID: 90b0ae587b706d0b708b22168dfd0c9c3d04e0a0fc4a914d4d0bea04ce4dc50c
                                            • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                            • Instruction Fuzzy Hash: BEE16470A0CA595FEB54EF28D8996AA77E1FF98300F14453EE48BC31A1DF34EA458B41
                                            Function 000001E4D586C25C Relevance: 1.8, APIs: 1, Instructions: 560memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 1463b6e579e83794cd598155eb9e3160b38bf0e3bcb0f61670329aaf0c67c5a2
                                            • Instruction ID: 697be9f45431d21744959a0915d1ec2acba845243478d9a6f438951a0bb50530
                                            • Opcode Fuzzy Hash: 1463b6e579e83794cd598155eb9e3160b38bf0e3bcb0f61670329aaf0c67c5a2
                                            • Instruction Fuzzy Hash: A3F12730A185A48FE72DAA6CEC862BD77D1F795301F28066EE8DBC2183DD28C55687C1
                                            Function 000001E4D58729D4 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: f13696e1930880e2e19ebf6412232386b6a4ab7a0f564d2111b2459b68bcc0da
                                            • Instruction ID: 039ee4b5a513e446c7267ad68b2c7f1ec2b685c8e38a3eb8604f4a8602d99682
                                            • Opcode Fuzzy Hash: f13696e1930880e2e19ebf6412232386b6a4ab7a0f564d2111b2459b68bcc0da
                                            • Instruction Fuzzy Hash: 5B816130A18B89CBF7659A9AE8457AEF3D1FBA4300F504619FC47C3191EF68D86186C2
                                            Function 000001E4D58727B8 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: d9381645012d00cf6e7f8dfe8da443d67e907387f0873f85681973196ff3555c
                                            • Instruction ID: fbc5145336ca11d2cf533d1c33e79f8feddc6bd87e78d4ddc6c52adccc6a6e22
                                            • Opcode Fuzzy Hash: d9381645012d00cf6e7f8dfe8da443d67e907387f0873f85681973196ff3555c
                                            • Instruction Fuzzy Hash: 7BF0DA74E18B848FDB64EF2CD889B9AB7E0FBA9300F60451DE84CC3245DB34D8548B86
                                            Function 000001E4D5872990 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 98d03459468cdcd74854b97b597847e55f0ea75636d4913b4c299d0c762e3800
                                            • Instruction ID: 0407b061f687ecde3680a9ab4b56c935a47380dd2edfde1f508f3a08ed1f2d0e
                                            • Opcode Fuzzy Hash: 98d03459468cdcd74854b97b597847e55f0ea75636d4913b4c299d0c762e3800
                                            • Instruction Fuzzy Hash: B9E065716086448FDB00DF94DCC1A69B3E4F795304F444D29E84AC6164D664D558C692
                                            Function 000001E4D587252C Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 27a0ab9b8b81d19b55a36d5b88940b5d877d47714e961321c564cf766a84aa8c
                                            • Instruction ID: 358f561c18ee16c1b65c467dfbb818f3f7faf6603d54546b3f4ec0269806e8ea
                                            • Opcode Fuzzy Hash: 27a0ab9b8b81d19b55a36d5b88940b5d877d47714e961321c564cf766a84aa8c
                                            • Instruction Fuzzy Hash: 0DD01234E18B858BD750EB6DD9416097BE2B7D9314F544618FC4983310E73CD4518686
                                            Function 000001E4D587288C Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 1d483c746a178fd7cebb358bd60c8d391381be698edd62c71eedc0381d53c554
                                            • Instruction ID: bbbc4fd27c7f832e60d32a0a8e0e26b9403eedfc8c86cfbc275f3f9dc95e366c
                                            • Opcode Fuzzy Hash: 1d483c746a178fd7cebb358bd60c8d391381be698edd62c71eedc0381d53c554
                                            • Instruction Fuzzy Hash: A0D05E34E28B898BEA10B7699D4160976E1F7A5308F904608AC49C2254DA3ED42042C2
                                            Function 000001E4D58728B8 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: bd75e34d41d0a0c218f00c4b384fa59cf13494ae4b0fc6bee219bc2a66024f0a
                                            • Instruction ID: 9d0374bf23e0b42e1fe5fa46124e2bffa8f5d7cbef21e8e0105894add0ffa105
                                            • Opcode Fuzzy Hash: bd75e34d41d0a0c218f00c4b384fa59cf13494ae4b0fc6bee219bc2a66024f0a
                                            • Instruction Fuzzy Hash: 7AD01234D587858BD610AB69DC416097BE1BBD9314F644618F88583314E73DD4518786
                                            Function 000001E4D5872418 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 2134b33d09b848e70ba1f23de37cfdd97cd4e92c7083e33fbb9b34bfa8345c36
                                            • Instruction ID: 7f4645e95c623f6adc1c3bfaa2351e9af6533fe515f7f10df7018b8bd4aed441
                                            • Opcode Fuzzy Hash: 2134b33d09b848e70ba1f23de37cfdd97cd4e92c7083e33fbb9b34bfa8345c36
                                            • Instruction Fuzzy Hash: AEC04C24E1584B9BE96562FBDD8175D61D0B7AA354FC50010BC0AC2180FA4DD9F543D6
                                            Function 000001E4D58728E8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,000001E4D586531B), ref: 000001E4D58728F8
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AcceptConnectPort
                                            • String ID:
                                            • API String ID: 1658770261-0
                                            • Opcode ID: 14fbc5d4ea2d13eb613c5f0cfb1986910ad3174e43fd425e2ce4bb45159b65c3
                                            • Instruction ID: 1f2e5740ed697fbc1bac6ced27096bba0b4b5d794e2d37abbf0e7e31109767a0
                                            • Opcode Fuzzy Hash: 14fbc5d4ea2d13eb613c5f0cfb1986910ad3174e43fd425e2ce4bb45159b65c3
                                            • Instruction Fuzzy Hash: 1CC04C24A19D4F9BE954A2EA9D82B5C6290B759354FC40400AC16C2180EE1DD5F453D6
                                            Function 00007DF4E2E91438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000003.2059711361.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_3_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: CloseInformationOpenQueryValueVolume
                                            • String ID:
                                            • API String ID: 4069062851-0
                                            • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                            • Instruction ID: a925cc71a0a5f605faf97d6b66eebb1aab1090fad56108b1d9d98fefca269659
                                            • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                            • Instruction Fuzzy Hash: 28413F3051CA588BE755EB28D899BDBB3F1FB94305F004A6FE48BC6191DF78D6048B42
                                            Function 000001E4D5877DA0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: socket$ErrorModegetsockopt
                                            • String ID:
                                            • API String ID: 552242919-0
                                            • Opcode ID: 3bad8950bc8ed42d49e75fcab8a12e6def80f6fb96da2e8da31b13afe45452c3
                                            • Instruction ID: d0d784fdea340f89bd5958c49da2ae5d646d3a31854a7e72fbd0b7703f573f65
                                            • Opcode Fuzzy Hash: 3bad8950bc8ed42d49e75fcab8a12e6def80f6fb96da2e8da31b13afe45452c3
                                            • Instruction Fuzzy Hash: 83418730618689CFE755EF29EC986AA77E2FBA8300F50463DE447C32A1DF788515CB81
                                            Function 000001E4D586DFC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID: rE\
                                            • API String ID: 544645111-988334199
                                            • Opcode ID: fd197d1d460a7a7097ebc69198cfe8898b84731961e3c45740b5833891c72836
                                            • Instruction ID: 030cdde3b42dc04f40dcd096b1cbdd90cbfe0e26f2f907d1949f7c574faf3f6b
                                            • Opcode Fuzzy Hash: fd197d1d460a7a7097ebc69198cfe8898b84731961e3c45740b5833891c72836
                                            • Instruction Fuzzy Hash: 761186317049484BEB45FB58E8D5BED72D6F7E4341F504929A80BC3286EE2CD9658782
                                            Function 000001E4D586BBF0 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: File$CloseHandleMappingOpenView
                                            • String ID:
                                            • API String ID: 2553196624-0
                                            • Opcode ID: 8bb8605ac1c349b7ed951fd2da0efd1c73228fe5391c7a5f19e2fcd3618d3200
                                            • Instruction ID: 34302f5f58e45f481d79d0bf4b49e8e485b4702574b94ec95b3f592c165d52ca
                                            • Opcode Fuzzy Hash: 8bb8605ac1c349b7ed951fd2da0efd1c73228fe5391c7a5f19e2fcd3618d3200
                                            • Instruction Fuzzy Hash: 5731A431A14948CFEB55FF64E8866EEB3D4FBA4301F50493AA84BC3191DE34D6698782
                                            Function 000001E4D586B9D8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID: P
                                            • API String ID: 716092398-3110715001
                                            • Opcode ID: 3958d680dd61ed40200acf61cd907bfc270c34c5250da5fbb8d7e78c828db693
                                            • Instruction ID: 55b81a23924ab74911e205e35c424e30ddfb91ee7e59da7c55b892f03d815dc1
                                            • Opcode Fuzzy Hash: 3958d680dd61ed40200acf61cd907bfc270c34c5250da5fbb8d7e78c828db693
                                            • Instruction Fuzzy Hash: B0514D70518B448FE7A5EF68E88679AB7E4FBA5311F108A2EE48EC3150DF349545CB83
                                            Function 00007DF4E2E93018 Relevance: 3.3, APIs: 2, Instructions: 297windowCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 285 7df4e2e93018-7df4e2e9304d call 7df4e2e91478 288 7df4e2e932e0-7df4e2e93302 call 7df4e2e934f0 285->288 289 7df4e2e93053-7df4e2e93068 call 7df4e2e91538 285->289 289->288 294 7df4e2e9306e-7df4e2e9309c call 7df4e2e91708 call 7df4e2e91740 call 7df4e2e91818 289->294 294->288 302 7df4e2e930a2-7df4e2e930ca 294->302 302->288 304 7df4e2e930d0-7df4e2e930d8 302->304 305 7df4e2e930de-7df4e2e93122 call 7df4e2e9365c * 2 304->305 306 7df4e2e9318a-7df4e2e9320a call 7df4e2e93520 call 7df4e2e9368c call 7df4e2e93686 call 7df4e2e93680 SendMessageA 304->306 319 7df4e2e93185-7df4e2e93188 305->319 331 7df4e2e93213-7df4e2e93219 306->331 319->306 322 7df4e2e93124-7df4e2e93128 319->322 323 7df4e2e93130-7df4e2e93146 calloc 322->323 324 7df4e2e9312a-7df4e2e9312e 322->324 326 7df4e2e93182-7df4e2e93183 323->326 327 7df4e2e93148-7df4e2e93163 call 7df4e2e93510 323->327 324->323 324->326 326->319 332 7df4e2e93171-7df4e2e93175 327->332 333 7df4e2e93165-7df4e2e9316f 327->333 334 7df4e2e932dd-7df4e2e932de 331->334 335 7df4e2e9321f-7df4e2e93225 331->335 332->326 336 7df4e2e93177-7df4e2e9317f 332->336 333->326 334->288 335->334 337 7df4e2e9322b-7df4e2e9323d 335->337 336->326 337->334 339 7df4e2e93243-7df4e2e93256 call 7df4e2e93510 337->339 342 7df4e2e932bf-7df4e2e932d2 339->342 344 7df4e2e932d4-7df4e2e932d5 342->344 345 7df4e2e93258-7df4e2e9325b 342->345 344->334 346 7df4e2e932bd 345->346 347 7df4e2e9325d-7df4e2e93280 call 7df4e2e9365c 345->347 346->342 351 7df4e2e93282-7df4e2e93288 347->351 352 7df4e2e9328a-7df4e2e932b7 call 7df4e2e9365c 347->352 351->346 352->346
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2963967390.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                            • String ID:
                                            • API String ID: 2453823186-0
                                            • Opcode ID: 06791c2761ba3497e0c9077ab5921302019734c58a86a701aa2be8a22ea6a1e2
                                            • Instruction ID: c18a088466affe3271033aa5eef5474e821274f1552b47bebd7d2a1152c4e418
                                            • Opcode Fuzzy Hash: 06791c2761ba3497e0c9077ab5921302019734c58a86a701aa2be8a22ea6a1e2
                                            • Instruction Fuzzy Hash: 03917530A0CAA84FEB54EB6CD4956AA73F2FB54300B50467FD48FC3191DA38E945CB81
                                            Function 000001E4D58622D0 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 421 1e4d58622d0-1e4d58622ff GetSystemInfo 422 1e4d5862301-1e4d586230c 421->422 423 1e4d586230f-1e4d5862325 421->423 422->423 424 1e4d586232b-1e4d586232e 423->424 425 1e4d586234a-1e4d5862350 424->425 426 1e4d5862330-1e4d5862333 424->426 429 1e4d58623cb-1e4d58623ce 425->429 430 1e4d5862352-1e4d5862362 425->430 427 1e4d5862345-1e4d5862348 426->427 428 1e4d5862335-1e4d5862338 426->428 427->424 428->427 432 1e4d586233a-1e4d586233f 428->432 431 1e4d586245a 429->431 433 1e4d5862391-1e4d5862397 430->433 436 1e4d5862467-1e4d586247e 431->436 437 1e4d586245c-1e4d586245f 431->437 432->427 438 1e4d58624ad-1e4d58624bf 432->438 434 1e4d5862399 433->434 435 1e4d5862364-1e4d586237b 433->435 439 1e4d586239b-1e4d586239e 434->439 435->434 450 1e4d586237d-1e4d5862385 435->450 442 1e4d5862480-1e4d586249a 436->442 440 1e4d5862465 437->440 441 1e4d58623d3-1e4d58623f1 437->441 439->429 443 1e4d58623a0-1e4d58623c0 VirtualAlloc 439->443 440->438 445 1e4d5862433 441->445 446 1e4d58623f3-1e4d586240a 441->446 442->442 444 1e4d586249c-1e4d58624a7 442->444 443->436 448 1e4d58623c6-1e4d58623c9 443->448 444->438 449 1e4d5862435-1e4d5862438 445->449 446->445 454 1e4d586240c-1e4d5862414 446->454 448->429 448->430 449->438 452 1e4d586243a-1e4d5862458 449->452 450->439 453 1e4d5862387-1e4d586238f 450->453 452->431 453->433 453->434 454->449 455 1e4d5862416-1e4d5862431 454->455 455->445 455->446
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AllocInfoSystemVirtual
                                            • String ID:
                                            • API String ID: 3440192736-0
                                            • Opcode ID: 9420d4d47bb5eb7f06d7fea4bf54311970c83033f74d5905fb72208c54926d5e
                                            • Instruction ID: 75136da8590d6f651266ebaa72120334df28939dccbf6ebe6093497834562c09
                                            • Opcode Fuzzy Hash: 9420d4d47bb5eb7f06d7fea4bf54311970c83033f74d5905fb72208c54926d5e
                                            • Instruction Fuzzy Hash: EB51EB30A18E4D8FE755EB9CE8483ADB2D1F7A8301F104569F84AC3194EE78C86187C1
                                            Function 000001E4D586D594 Relevance: 3.1, APIs: 2, Instructions: 132fileCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: CloseFileHandleView
                                            • String ID:
                                            • API String ID: 3964672402-0
                                            • Opcode ID: f5e4ace49f8dbf4d208ab68c6c07d1c08f373a7b01313fe5be4b999b6ef0fbb6
                                            • Instruction ID: eef40b59e9f28b08aa22ee9943d46f4eb6ff2cd5b3dff651e03162a8aa63f9af
                                            • Opcode Fuzzy Hash: f5e4ace49f8dbf4d208ab68c6c07d1c08f373a7b01313fe5be4b999b6ef0fbb6
                                            • Instruction Fuzzy Hash: C8418131A15948CFE755FFA8EC85BAE73A4FBA5305F004919B80AC3195DF28D8658BC1
                                            Function 000001E4D5862974 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 9af94119fb7637b7a971dd9e5dfe6689dbe62cc4b897151fb24c5dcbfab40a36
                                            • Instruction ID: 7fae4a4fce34a10dc8e3f352e36d053c373dc057891cef3bf81d3d1fdf4fd9c0
                                            • Opcode Fuzzy Hash: 9af94119fb7637b7a971dd9e5dfe6689dbe62cc4b897151fb24c5dcbfab40a36
                                            • Instruction Fuzzy Hash: 6D314D307086854BEB149F6CEC947997BC0FBAA315F1502D5EC8AC72C5DB58C812C382
                                            Function 00007DF4E2E912C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000003.2059711361.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_3_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                            • Instruction ID: 0a8a9de29404f1a01adc9f6428d06ee0e3b35d27ac8d5b58f23a56dff433b095
                                            • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                            • Instruction Fuzzy Hash: D521E121A086B547DB18DB2C944077AB3F1FF90340F1901BFEC8BCBA85D668EA018245
                                            Function 00007DF4E2E91740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2963967390.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 555ee51bdfbe110a30625e9d65cd405c650e6e50b938efdbc78372c29de57681
                                            • Instruction ID: d3830538a3d1ab6ffdce1d404336811645ecf6664e18d635a29cf59116527687
                                            • Opcode Fuzzy Hash: 555ee51bdfbe110a30625e9d65cd405c650e6e50b938efdbc78372c29de57681
                                            • Instruction Fuzzy Hash: 5F21D135E086B647EB189B2C9484777B3F1FF95300F1841AFE88BCB285D66AEA418245
                                            Function 00007DF4E2EA12C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2964096876.00007DF4E2EA1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2EA1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2ea1000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                            • Instruction ID: 451bef0a85dc0385057bccec7770105dce8dd9d18cfac27883b0ada947f8ca95
                                            • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                            • Instruction Fuzzy Hash: FD21F3B5A085A567EF188F2C8440776B3F5FF90340F19493EECCBCBA85D768EA098255
                                            Function 000001E4D58A4468 Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                            • Instruction ID: f3854041c8b5fdf123733cc8c20ff48b385028c020d4d312999ab28f3ebeebf2
                                            • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                            • Instruction Fuzzy Hash: A5F0127061AD0A8FEF94DBA9D884B6533D1FF68310F601154A819C7195EE69DC61C784
                                            Function 00007DF4E2E915E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000003.2059711361.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_3_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FileMappingOpen
                                            • String ID:
                                            • API String ID: 1680863896-0
                                            • Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                            • Instruction ID: e903368c35c2fcb491b6faafcc44427fa912e22e51a468cbf4796fecb646537d
                                            • Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                            • Instruction Fuzzy Hash: 78716370A1C7984FD775DB28D4857ABB7E1FB94300F044A6FE9CFC2156EA34A9058B82
                                            Function 000001E4D586CA8C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: e26a3d902f64fdb1e6a29b1ddfd8af137ced715061d327bbcfc87f3b72d7e64f
                                            • Instruction ID: 76ef7df1460174c792d69b4b7d805e9e450b5b9de8c7e09e73f674298d1030e4
                                            • Opcode Fuzzy Hash: e26a3d902f64fdb1e6a29b1ddfd8af137ced715061d327bbcfc87f3b72d7e64f
                                            • Instruction Fuzzy Hash: 4871EC71608B48CFE769EB58EC916A973E1F7A4710F100A1DE88BC3192DF38E96587C1
                                            Function 000001E4D5866C10 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: c27442c9625b69612e30a0c621dafdc38b3cd1b2ea33eefe8ec2cdf5f7c33623
                                            • Instruction ID: b6506c57431d2e4aa620951cf2f08b3bc1b37dd9fcf30c23a9372adb6c6f9000
                                            • Opcode Fuzzy Hash: c27442c9625b69612e30a0c621dafdc38b3cd1b2ea33eefe8ec2cdf5f7c33623
                                            • Instruction Fuzzy Hash: 1C416230B14A888BEB59A775EC917EE32D5FBA4310F400A29BC57C31D2DE3DD9318681
                                            Function 000001E4D586778C Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: InformationVolume
                                            • String ID:
                                            • API String ID: 2039140958-0
                                            • Opcode ID: c6fe4b8a49b1c432d16a5d1b2244a4336856686fe2f0bc0d983b446ba2d85ae3
                                            • Instruction ID: 23bd57db4b7b396ca6b86a14e730e89e9267081478e9c08b4b5577e0a95ca850
                                            • Opcode Fuzzy Hash: c6fe4b8a49b1c432d16a5d1b2244a4336856686fe2f0bc0d983b446ba2d85ae3
                                            • Instruction Fuzzy Hash: 91413F715187888BE76AEF64D895BDFB3E0FBA4300F004A1DB48AC3191EF799555CB82
                                            Function 000001E4D586CCD0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 2f464fde3477c0bba4832f44d3340180ae7d23497e5ed422822a87f1e6a42210
                                            • Instruction ID: c06b73133f0adb775b0aa29726324f9d30d463b1b510bfabb8cb697fc8bf1a56
                                            • Opcode Fuzzy Hash: 2f464fde3477c0bba4832f44d3340180ae7d23497e5ed422822a87f1e6a42210
                                            • Instruction Fuzzy Hash: 9A01C471604A4C8FEB40FB59D8819ADB3E9FBE8310F50062AF84AC2150EF24EA648781
                                            Function 000001E4D5862904 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: a3e65a005f3911c52a3a19618f507bf36bcbd5794d57615cb3bbd7cad2f75c67
                                            • Instruction ID: 4f4db30616662dab7cad42c73bcc8d73244d56ff3c335ade39aba1dd15fac5ed
                                            • Opcode Fuzzy Hash: a3e65a005f3911c52a3a19618f507bf36bcbd5794d57615cb3bbd7cad2f75c67
                                            • Instruction Fuzzy Hash: E5012B31B149098FFB54EBADEC58A6973D1FBCA316B4444A5E80AC7144D93D9C51CB81
                                            Function 00007DF4E2E92F60 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2963967390.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: EventHook
                                            • String ID:
                                            • API String ID: 3661607649-0
                                            • Opcode ID: e6b188324f96a1e03f166e4287a2793acb406422b2b30f8b11d607c185f61fee
                                            • Instruction ID: 62779e3cd5725f144c719e76fb7146cad81387ad864168eb9451a35ad2de85f0
                                            • Opcode Fuzzy Hash: e6b188324f96a1e03f166e4287a2793acb406422b2b30f8b11d607c185f61fee
                                            • Instruction Fuzzy Hash: 14115230C1CA654FEB54AB6CD86979773A0FB10314F5006AED8CBC21D2DB3D96549741
                                            Function 000001E4D586BE7C Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 4d57d7d5982399080f90361c2699a999889f8feb933735bc5bb6e787f07df0d3
                                            • Instruction ID: 8caaea2960b173859fdfc6c6d16777ef8d3a400675e51812bb68f9ffdc3d38f3
                                            • Opcode Fuzzy Hash: 4d57d7d5982399080f90361c2699a999889f8feb933735bc5bb6e787f07df0d3
                                            • Instruction Fuzzy Hash: 01018630714A8C8FF745EBB9E8553AD3295F774301F10056AA45AC3291EE28CD248781
                                            Function 000001E4D5862B50 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: CreateHeap
                                            • String ID:
                                            • API String ID: 10892065-0
                                            • Opcode ID: eab2b32177be9564e25d5777707ea1ca30621b5695f0306aefe172fe800bc35c
                                            • Instruction ID: a72ed7b835505938c42463304d4c5075635e5336114dc3df75171f5d70d66d2e
                                            • Opcode Fuzzy Hash: eab2b32177be9564e25d5777707ea1ca30621b5695f0306aefe172fe800bc35c
                                            • Instruction Fuzzy Hash: 79F08C31E05A48CFF720AFB6AC943AE6242F399312F244D7AA806C6181DC2D88618380
                                            Function 000001E4D586697C Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: AddressCallerProc
                                            • String ID:
                                            • API String ID: 2663294120-0
                                            • Opcode ID: c691d5039295ecc8b7e044fb40fc3c69618cf93c91779b6bda279d67736a12d8
                                            • Instruction ID: db24ac487985b8fc0403e4b577207fc6bbe5bebfc894342dae4e40fc26c3f624
                                            • Opcode Fuzzy Hash: c691d5039295ecc8b7e044fb40fc3c69618cf93c91779b6bda279d67736a12d8
                                            • Instruction Fuzzy Hash: F7E0C231B04C190BAB6861EE688CABA11C6D7EC273704027BF82DC3299ED14CC614381
                                            Function 00007DF4E2E91290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000003.2059711361.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_3_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FunctionTable
                                            • String ID:
                                            • API String ID: 1252446317-0
                                            • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                            • Instruction ID: 914a42bf43f215a8ffaecb402dadf1066bf7bf79f72cd53b0bb9474fb330497a
                                            • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                            • Instruction Fuzzy Hash: 79E04F30A049055BEB98E61DC80A7503AE0EB5830AF6446AEE509C9291CB79949BCF81
                                            Function 000001E4D5863C84 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FunctionTable
                                            • String ID:
                                            • API String ID: 1252446317-0
                                            • Opcode ID: a4029a93bfcd341c8676454adb8c6f5f12b6913b14ed0bccef0902b234b6dd47
                                            • Instruction ID: 426f19054781715fa83d28ea862aceffae418ee2db1a3756acba046b29e3316d
                                            • Opcode Fuzzy Hash: a4029a93bfcd341c8676454adb8c6f5f12b6913b14ed0bccef0902b234b6dd47
                                            • Instruction Fuzzy Hash: D7E04F305009059BEB98DB5DC90939036D1FBA830AF604258E805CA295CF39C4ABCF81
                                            Function 000001E4D58674A0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: ef59572018a9deb8cc9717970e2f4ccce5bc515e763955c946e33fff9a11c9f9
                                            • Instruction ID: 021576027e465d3a6de8dbc8412980cba424e110f1a0e29c164d918884c09610
                                            • Opcode Fuzzy Hash: ef59572018a9deb8cc9717970e2f4ccce5bc515e763955c946e33fff9a11c9f9
                                            • Instruction Fuzzy Hash: D9917430618A48CFEB45EF58E885AEA73E0FB65300F444959F84AC7196DF34E865CBC2
                                            Function 00007DF4E2E91708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2963967390.00007DF4E2E91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2E91000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2e91000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FunctionTable
                                            • String ID:
                                            • API String ID: 1252446317-0
                                            • Opcode ID: 62df2a061ef9a83e40c3da8f8fbf33d98cfabe8aaf6c816d3fbd47a45bbcd3fe
                                            • Instruction ID: 19c4627c39d8cd815ec0c15a17285c3cb1756c08bc53c3b994ace9c11b7d6eec
                                            • Opcode Fuzzy Hash: 62df2a061ef9a83e40c3da8f8fbf33d98cfabe8aaf6c816d3fbd47a45bbcd3fe
                                            • Instruction Fuzzy Hash: 0EE04F305409064BEBA8E61DC84975036E0EB58306F6442AEE845CA291CB3A94ABCF42
                                            Function 00007DF4E2EA1290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2964096876.00007DF4E2EA1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E2EA1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_7df4e2ea1000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: FunctionTable
                                            • String ID:
                                            • API String ID: 1252446317-0
                                            • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                            • Instruction ID: 208293fc779fc9773fd4b652b676f959d237cbfef7e1e87d9abe6e25592977e8
                                            • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                            • Instruction Fuzzy Hash: FAE04F309049055BEBA8D61DC8097513AE0EB5C306F64466DE549C9291CB39D89BCF81
                                            Function 000001E4D5866950 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                            • Instruction ID: 57345c5b8ac80cea3d397ea132a2b7e2c5f6dc24ece6ad7bb9ffd4d27ab807e0
                                            • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                            • Instruction Fuzzy Hash: 3DD05E30720D0D5BEB48636E6C953695195E7D8321F50063AB81AC2286DD58CC660280
                                            Function 000001E4D586A76C Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: d2cb0783aaccdf533b8783a245833ea662784d452517a49626c29c14fb2d72e4
                                            • Instruction ID: d010eff9253f35ac1e857885ea84a31d25e76e42c6c086b9455b3a50ff447246
                                            • Opcode Fuzzy Hash: d2cb0783aaccdf533b8783a245833ea662784d452517a49626c29c14fb2d72e4
                                            • Instruction Fuzzy Hash: 7141A531614D0ECFDB94EF6CD889AA9B7E1FB78311710466AE409C3660DB34E8A1CBC0
                                            Function 000001E4D587D4AC Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: e53db298d0d7d8de9701e8a24c72cb59212fc55ca396913229799ff2ccd7724d
                                            • Instruction ID: 489bd719038e62d7dd4a4f108b79d10e1d98dfeeca7c4ee950d9b2bd9cb2f3e0
                                            • Opcode Fuzzy Hash: e53db298d0d7d8de9701e8a24c72cb59212fc55ca396913229799ff2ccd7724d
                                            • Instruction Fuzzy Hash: 5A116D30A02959CFEFA59FAAE8843A933D0FB68315F04017AEC09CA195CB348C65C7D1
                                            Function 000001E4D586A960 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 85df9ee76aeee916477ee65bd03fae0aa34298d7a375d21a792168504e9e5af9
                                            • Instruction ID: 9dcda15875b4b7c68397ac39a50f232c4eb9fb6d04be5b10bcfa442ecec69867
                                            • Opcode Fuzzy Hash: 85df9ee76aeee916477ee65bd03fae0aa34298d7a375d21a792168504e9e5af9
                                            • Instruction Fuzzy Hash: D3F09030210E0ECFEB89EF69D8D8769B3E0FB68305F600929D519C2590CB749C60CB41
                                            Function 000001E4D5864998 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2962577263.000001E4D5861000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001E4D5861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1e4d5861000_wmlaunch.jbxd
                                            Similarity
                                            • API ID: calloc
                                            • String ID:
                                            • API String ID: 2635317215-0
                                            • Opcode ID: f09fa07cc6f9e6f5b53de74bb20c91754370ab02738bba199ca246931610d18a
                                            • Instruction ID: 0795817357728bbe5ca8a53b3ffa464e1bdee27524f4693aedd120b60cc5b24f
                                            • Opcode Fuzzy Hash: f09fa07cc6f9e6f5b53de74bb20c91754370ab02738bba199ca246931610d18a
                                            • Instruction Fuzzy Hash: 37F08274690D098FF7849F6CEC9876936E5FBA9302F55046AA809C72B0DE78CCB58741

                                            Execution Graph

                                            Execution Coverage:2.4%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:0%
                                            Total number of Nodes:61
                                            Total number of Limit Nodes:0
                                            execution_graph 13611 2d392a32874 13612 2d392a3288e 13611->13612 13613 2d392a32893 LoadLibraryA 13612->13613 13614 2d392a32898 13612->13614 13613->13614 13663 2d392a59484 13664 2d392a594b6 13663->13664 13665 2d392a59493 13663->13665 13665->13664 13667 2d392a57f04 13665->13667 13670 2d392a57dd0 13667->13670 13669 2d392a57f4d 13669->13664 13671 2d392a57df4 socket 13670->13671 13673 2d392a57e0c 13670->13673 13672 2d392a57e27 13671->13672 13671->13673 13672->13673 13674 2d392a579e0 2 API calls 13672->13674 13673->13669 13674->13673 13675 2d392a59434 13676 2d392a59458 13675->13676 13677 2d392a5943e 13675->13677 13677->13676 13679 2d392a57ec0 13677->13679 13680 2d392a57dd0 3 API calls 13679->13680 13681 2d392a57ef1 13680->13681 13681->13676 13615 2d392a57dd0 13616 2d392a57df4 socket 13615->13616 13618 2d392a57e0c 13615->13618 13617 2d392a57e27 13616->13617 13616->13618 13617->13618 13620 2d392a579e0 13617->13620 13621 2d392a57a12 13620->13621 13622 2d392a57a35 CreateIoCompletionPort 13621->13622 13624 2d392a57a1d 13621->13624 13623 2d392a57a4d 13622->13623 13623->13624 13625 2d392a57a82 SetFileCompletionNotificationModes 13623->13625 13624->13618 13625->13624 13626 2d392a56e1c SetErrorMode 13627 2d392a56e30 13626->13627 13628 2d392a5a3f6 socket 13627->13628 13629 2d392a5a43a getsockopt 13628->13629 13630 2d392a5a483 socket 13628->13630 13629->13630 13632 2d392a5a4a3 13630->13632 13633 2d392a328a0 13634 2d392a328bc 13633->13634 13635 2d392a328ca 13634->13635 13636 2d392a328c1 GetProcAddressForCaller 13634->13636 13636->13635 13637 2d392a32690 13640 2d392a328d4 13637->13640 13641 2d392a326a2 13640->13641 13642 2d392a328dd 13640->13642 13642->13641 13643 2d392a32944 SetErrorMode 13642->13643 13644 2d392a32955 13643->13644 13646 2d392a3385c 13644->13646 13647 2d392a3387d 13646->13647 13653 2d392a339d5 13647->13653 13654 2d392a33484 13647->13654 13650 2d392a338ae 13650->13653 13658 2d392a33658 13650->13658 13651 2d392a3394a 13652 2d392a339bf NtQuerySystemInformation 13651->13652 13651->13653 13652->13653 13653->13641 13655 2d392a334ac 13654->13655 13656 2d392a33574 GetVolumeInformationW 13655->13656 13657 2d392a335c5 13655->13657 13656->13657 13657->13650 13659 2d392a3368a 13658->13659 13660 2d392a3376a CreateFileMappingW 13659->13660 13661 2d392a337a4 MapViewOfFile 13660->13661 13662 2d392a337c7 13660->13662 13661->13662 13662->13651

                                            Executed Functions

                                            Function 000002D392A3385C Relevance: 1.8, APIs: 1, Instructions: 269nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: Information$QuerySystemVolume
                                            • String ID:
                                            • API String ID: 2187445334-0
                                            • Opcode ID: bbe3e2a7d344cf85ec3a4c395e4fae651ef179c001aa808880b53e11515cf003
                                            • Instruction ID: 07331b997c9316363d8fbcb6c6506f5728f9ac6ab6d10f8b1ecae08d5f5da4a1
                                            • Opcode Fuzzy Hash: bbe3e2a7d344cf85ec3a4c395e4fae651ef179c001aa808880b53e11515cf003
                                            • Instruction Fuzzy Hash: 9591C431108E094FE795EB34D859AEA73E1FB54341F408A2BD45BC32A1EF74DA418782
                                            Function 000002D392A32AC4 Relevance: .3, Instructions: 327COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 228 2d392a32ac4-2d392a32bb5 call 2d392a33b44 call 2d392a31030 call 2d392a31914 call 2d392a31488 call 2d392a316a0 call 2d392a31488 call 2d392a311dc call 2d392a31488 call 2d392a311dc call 2d392a31488 call 2d392a311dc 252 2d392a32dba-2d392a32dd5 call 2d392a31488 call 2d392a317dc 228->252 253 2d392a32bbb-2d392a32bc3 call 2d392a62736 228->253 262 2d392a32dda-2d392a32df6 252->262 256 2d392a32bc8-2d392a32bcd 253->256 258 2d392a32bd4-2d392a32bf0 256->258 259 2d392a32bcf-2d392a32bd2 256->259 261 2d392a32c01-2d392a32c03 258->261 277 2d392a32bf2-2d392a32bff call 2d392a62736 258->277 259->258 259->261 264 2d392a32c05-2d392a32c08 261->264 265 2d392a32c19-2d392a32c1c 261->265 271 2d392a32df8-2d392a32e38 call 2d392a34a20 call 2d392a35dc6 262->271 272 2d392a32e3b-2d392a32e50 call 2d392a33cb0 262->272 264->252 266 2d392a32c0e-2d392a32c17 264->266 265->252 267 2d392a32c22-2d392a32c25 265->267 266->265 269 2d392a32c27-2d392a32c2e 267->269 275 2d392a32c32-2d392a32c38 269->275 276 2d392a32c30 269->276 271->272 275->269 280 2d392a32c3a-2d392a32c5b call 2d392a31488 call 2d392a317dc 275->280 276->275 277->261 290 2d392a32c5d-2d392a32c64 280->290 291 2d392a32da3-2d392a32da9 290->291 292 2d392a32c6a-2d392a32d9e call 2d392a31914 call 2d392a31488 call 2d392a35dcc call 2d392a31488 * 2 call 2d392a35dcc call 2d392a31488 * 2 call 2d392a35dcc call 2d392a31488 * 2 call 2d392a35dcc call 2d392a31488 * 2 call 2d392a316a0 call 2d392a31488 call 2d392a35dcc call 2d392a31488 290->292 291->290 293 2d392a32daf-2d392a32db8 291->293 292->291 293->262
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0f2ab5fabc2a0e36146663c7120b09b4177702f3456a2b2b11960e1abc9f1dee
                                            • Instruction ID: a1aaaa8f31cf3a8ad5264459d700d23b63c6e642bae97994e29134c50f0c1aad
                                            • Opcode Fuzzy Hash: 0f2ab5fabc2a0e36146663c7120b09b4177702f3456a2b2b11960e1abc9f1dee
                                            • Instruction Fuzzy Hash: 50B18636118F095BE786EB14C8A5FDA73E1FBA4340F40461AA897C7196DE74EF05CB82
                                            Function 000002D392A56E1C Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: socket$ErrorModegetsockopt
                                            • String ID:
                                            • API String ID: 552242919-0
                                            • Opcode ID: 2b6fb284fe353a32addd25f3df84090d0ecaa741c51bc7f7119ce81397f063fd
                                            • Instruction ID: 73a52e3ac517f12f0223f74255c65cd549382ae7d83f7d3d716e4427dab663ed
                                            • Opcode Fuzzy Hash: 2b6fb284fe353a32addd25f3df84090d0ecaa741c51bc7f7119ce81397f063fd
                                            • Instruction Fuzzy Hash: F2413335618A489FE794EF28E89CA9A77F1FB98300F40872EE446C32E5DF788504CB41
                                            Function 000002D392A33658 Relevance: 3.2, APIs: 2, Instructions: 176fileCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: File$CreateMappingView
                                            • String ID:
                                            • API String ID: 3452162329-0
                                            • Opcode ID: bece0600f44f861c643c7654aa2f2e3f03c84c914f92a664447b07396d3fe0fc
                                            • Instruction ID: a32c51fd6490179ea121ad1b213026cbb39d9bbfcf4fbf9c702949619557b600
                                            • Opcode Fuzzy Hash: bece0600f44f861c643c7654aa2f2e3f03c84c914f92a664447b07396d3fe0fc
                                            • Instruction Fuzzy Hash: 2551A43111CB889BD765EB28C895BEAB7E0FB95301F40452FE8DAC2191DF749A05CB93
                                            Function 000002D392A579E0 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: Completion$CreateFileModesNotificationPort
                                            • String ID:
                                            • API String ID: 3755109111-0
                                            • Opcode ID: 84be1d14cb65808509a283a73e814be659c70036e97280a94885828e4d56e97e
                                            • Instruction ID: e8cf66db868c8f2f7c7394bd79f3da408ab10f0f3dafe389d54514112db835a0
                                            • Opcode Fuzzy Hash: 84be1d14cb65808509a283a73e814be659c70036e97280a94885828e4d56e97e
                                            • Instruction Fuzzy Hash: 1631B0352049155FFBE8DB28DCACBBE32E4F754315F90406AF906D21D2DE61CE418782
                                            Function 000002D392A33484 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: InformationVolume
                                            • String ID:
                                            • API String ID: 2039140958-0
                                            • Opcode ID: cbef5665e4e33130d77fabd6912371dd21022a2eb90503feaf05fbace3e60585
                                            • Instruction ID: ee1a91c70c56006680601af54dfebaa187941c73ae24f8ffe1837c54d6f056c3
                                            • Opcode Fuzzy Hash: cbef5665e4e33130d77fabd6912371dd21022a2eb90503feaf05fbace3e60585
                                            • Instruction Fuzzy Hash: 04513835118B484FE769DB24C4A9BDBB3F1FB94340F404A1EE48AC3191DF759A05C742
                                            Function 000002D392A57DD0 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: socket
                                            • String ID:
                                            • API String ID: 98920635-0
                                            • Opcode ID: 164deb1e36558be1443e0572fd883e2d2b2af36008d1889a4b6708111c61d883
                                            • Instruction ID: 626477d91906560e6ec6d09b9e1ac86a8ddbfeeebf687fb1eec57cbc32e64805
                                            • Opcode Fuzzy Hash: 164deb1e36558be1443e0572fd883e2d2b2af36008d1889a4b6708111c61d883
                                            • Instruction Fuzzy Hash: D4210731304A044FEB88DB38DC9DBAA33E1FB54325F60466AEC2AD72D1DF648D014692
                                            Function 000002D392A328D4 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: 147b7861b8d55a5ae4162ffc4259640c3a28b81395385b0f304c643425426fcc
                                            • Instruction ID: 35501baf68d3641534ac40f75a67cd35073b3f03cf833ac3d57dd3a0f4b022d1
                                            • Opcode Fuzzy Hash: 147b7861b8d55a5ae4162ffc4259640c3a28b81395385b0f304c643425426fcc
                                            • Instruction Fuzzy Hash: 0E01A13A310E096AEBD8F334C879BFD22C6FB94390F84412A6C0AC21C2DE98CF044742
                                            Function 000002D392A328A0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: AddressCallerProc
                                            • String ID:
                                            • API String ID: 2663294120-0
                                            • Opcode ID: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                            • Instruction ID: 4bb0bb5fde96332a8cccd7d1a8f2375c3ee033614117cd00c1b05daea22ef4f7
                                            • Opcode Fuzzy Hash: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                            • Instruction Fuzzy Hash: 05E02B12704C0D1BABA8A2BE649CBB651C6D7EC273744427BF81CC3295ED50CC410391
                                            Function 000002D392A32874 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 223 2d392a32874-2d392a32891 call 2d392a31994 226 2d392a32893-2d392a32896 LoadLibraryA 223->226 227 2d392a32898-2d392a3289e 223->227 226->227
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.2962230453.000002D392A30000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002D392A30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_2d392a30000_dllhost.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                            • Instruction ID: d39f46dc824e2a43665ae1734093b4d61398058f501c4b31746b5fc85bc441da
                                            • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                            • Instruction Fuzzy Hash: 0CD0A711320D0E2BEB88A33D5CA87B511C5F7DC325F90553BF809C2285ED98CD550301